HIPAA Regulations for Radiologists 101

HIPAA regulations are a complex set of rules designed to promote a more patient-oriented medical system that enhances patient care. The HIPAA Omnibus Rule also includes regulations that promote the accessibility of medical records to patients and increase the security of electronic patient health information. Radiologists often receive patients through a referral system or send patient files to another medical doctor or facility after x-rays and other scans are interpreted. This constant sharing of sensitive patient information makes understanding what HIPAA regulations are and how they affect radiologists an important task for any radiologist.

HIPAA Omnibus Rule

In response to the HITECH Act, the HIPAA Omnibus Rule has changed the way that patient information is created, collected, stored and transmitted. The HITECH Act offers organizations incentives for using electronic patient health information while improving the security of that data. When asking what HIPAA regulations are, one of the most important things to consider is your organization’s privacy policy. New HIPAA regulations state that organizations and entities must update their privacy policies and business agreements to comply with the current standards.

Current HIPAA standards require that all businesses sharing patient information must be HIPAA compliant. For instance, if a radiologist receives referrals or bills insurance companies on behalf of clients, the insurance company and the organization referring clients should both be HIPAA compliant. Current business associate agreements will be allowed until late September of 2014, but after that date all business associates will need to comply with the HIPAA Security Rule to avoid penalties or fines.

What is affected by HIPAA?

Nearly every aspect of creating, sharing and transmitting electronic patient health information has been affected by new HIPAA regulations. In addition to revising and updating your organization’s privacy policies and business agreements, you will also need to look at your internal records storage and the accessibility of patient records. For instance, your internal computer systems must be secure and protected from data loss or third-party access. Data encryption is required any time you transmit electronic patient information. If your organization is using a third-party storage system for patient health information, the company providing web-based storage services will also need to be HIPAA compliant.

One of the areas that will be most affected for radiologists is how patient information is disclosed. Since radiology is a field where referrals are very common, care must be taken to ensure formal, written consent is provided each time you share patient health information. For example, a radiologist sending the results of an x-ray to a general practitioner will need to have written consent from the patient to do so. To understand and comply with current HIPAA regulations, it is best to use a HIPAA compliance checklist and HIPAA compliance software. HIPAA compliance software will walk you through the process of meeting current HIPAA regulations and help you avoid the confusion of updating and revising your current policies and practices on your own.

What Is the HITECH Act?

The HITECH Act, or the Health Information Technology for Economic and Clinical Health Act, was passed in February of 2009. Starting in the year 2011, organizations and entities within the medical industry were offered incentives if they were able to prove meaningful use of electronic health information. Meaningful use is divided into three stages that begin in the years 2011, 2014 and 2016. The HITECH Act focuses on utilizing electronic record keeping methods to improve individual patient care and the national healthcare system in general.

Rules and Regulations

To understand what the HITECH Act is, organizations and entities will need to learn more about the basic guidelines of the act. For instance, any unauthorized data breach must be disclosed to the affected parties, and large data breaches that affect more than 500 patients must also be reported to the Department of Health and Human Services. The HITECH Act also promotes the use of electronic health information. Electronic patient health information must be made readily available to patients and managed using regulations that ensure the security of the information.

Enforced Penalties

One of the aspects that will affect organizations and entities within the healthcare industry is the enhanced enforcement of HIPAA guidelines under the HITECH Act. Both organizations that provide healthcare and their business associates will be responsible for completing a HIPAA audit checklist and providing written documentation of their audit. Relying on business associates that are HIPAA compliant is important under the HITECH Act.

A HIPAA audit checklist can help businesses work through the complex requirements of the HITECH Act. Organizations and entities that store, transmit or create electronic patient health information must prove they are compliant under the current HIPAA guidelines. The best way to understand the HITECH Act is to work through a HIPAA audit checklist and rely on professional HIPAA coaches when you have questions.