Under the HIPAA Privacy Rule, patients have several rights regarding their medical records, including a right to access, a right to amend, and, in some circumstances, a right to restrict disclosures of their protected health information (PHI). Understanding and complying with those rights is an important component of quality patient care.
If you own a small- to medium-sized physical therapy practice, you are most likely preoccupied with daily operations such as paying bills, marketing your practice, and treating patients. You may know about HIPAA at a high-level—and you may also worry from time to time about a data breach. But, compliance and security are complicated; the regulations are written in legalese.
Before 2015, data breaches were mostly confined to retail businesses. However, as more patient information becomes digitized, big data breaches are becoming more common in health care. And hackers don’t discriminate; they target organizations of all types and sizes, ranging from big hospitals to small private practices.
As exhibited in the news items below, small practices are not immune to HIPAA scrutiny by the federal government’s Department of Health and Human Services (DHHS)—as investigated by their enforcement agency, the Office of Civil Rights (OCR).