Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc. HIPAA requires the protection and confidential handling of protected health information including patient health information, demographic information, physical or mental health, health care payment provisions, and client identity. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes. Failure to comply with HIPAA can result in civil and criminal penalties (42 USC § 1320d-5). 

• Improper disposal of patient records; shredding is necessary before disposing of a patient’s record.
• Insider snooping, which refers to family members or coworkers looking into a person’s medical records without authorization. This can be avoided with password protection, tracking systems, and clearance levels.
• Releasing information to an undesignated party; only the exact person listed on the authorization form may receive patient information.
• Releasing the wrong patient’s information; through a careless mistake, someone releases information to the wrong patient. This sometimes happens when two patients have the same or similar name.
• Unprotected storage of private health information, such as a laptop that is stolen. Private information stored electronically needs to be stored on a secure device. This applies to a laptop, thumb drive, or any other electronic device.

Individuals in our care expect us to maintain the confidentiality and security of all their Protected Health Information (PHI). Ava Family Services does not use, disclose, or discuss client-specific information with others unless the client authorizes the release of their information, or we are required or authorized by law to release it. Ava Family Services maintains the confidentiality of client medical information and uses appropriate security measures to protect this information, including information contained in client charts. Ava Family Services also uses appropriate security measures for PHI in all communications.