The moment you sign on for your new medical billing and coding job keeping patient information private becomes vital. Most healthcare providers require employees and vendors to sign confidentiality agreements. These agreements serve as your acknowledgment that you will keep any patient information confidential.
Keeping patient info confidential isn’t just the right thing to do; it’s the law as outlined by HIPAA. So when you sign your confidentiality agreement, be sure you mean it. Patient confidentiality is serious business, and violating this confidence may result in a fine or, in serious circumstances, imprisonment.
HIPAA and criminal liability
In June 2005, the United States Justice Department issued a clarification regarding who can be held criminally liable under HIPAA. They are the big boys of healthcare: health plans, healthcare clearinghouses, healthcare providers who transmit claims in electronic form, and Medicare prescription drug card sponsors. Individuals such as directors, employees, or officers of the covered entity may also be directly criminally liable.
Any of these entities and individuals who disclose protected health information may face a fine of up to $50,000 and up to one year in prison. Offenses committed under false pretenses can result in fines of up to $100,000 and five years of prison.
Offenses that involve intention to sell or use individually identifiable health information for personal gain, commercial advantage, or malice can result in fines of $250,000 and 10 years of prison.
Steps you can take to protect confidentiality
Patients trust the provider and the provider’s staff to protect their personal information. Providers ask for patient Social Security numbers, birth dates, addresses, and other information that opens the door for identity theft. A lot is at stake for your patients when they release this highly personal information to you, and you owe keep it private.
Protecting the patient’s personal information begins in the reception area or waiting room. Gone are the days when the nurse or other employee would call a patient by first and last name (it gives away a patient’s identity to everyone in the waiting room), or when the admitting personnel would ask the patient to explain the reason for the visit in front of other patients.
Today, because of HIPAA, providers have taken great steps to protect patient identity and privacy: Patient records are kept in locked files out of the view of the public. Patient registration information is kept in computers that are password protected and that timeout within a few minutes of inactivity.
Passwords for clearinghouse access, software access, and insurance website access must be changed at specified intervals. All employees must have their own usernames and passwords, and sharing their access information with others is a HIPAA violation. These are just a few of the changes.
You can help keep your client’s circle of trust intact by working with fellow office colleagues to stay abreast of HIPAA rules and regulations. You can also offer to be the office HIPAA liaison with outside entities to insure the office standards are keep current.
Protecting confidentiality when working with others
You’re not the only person who has access to a patient’s personal information. The healthcare provider obtains permission from the patient to share this personal information with other stakeholders as necessary to receive reimbursement for the services provided.
These other stakeholders include the insurance company (which needs to know the reason treatment was provided) and the clearinghouse (which is privy to the patient’s personal health information during transmission of the claim). Both clearinghouses and payers must follow the same privacy standards mandated by HIPAA.