Today's post comes from WebPT copywriters Charlotte Bohnett and Erica Cohen.

The Health Insurance Portability and Accountability Act (HIPAA) is as dense as it is important. But for any healthcare provider handling private personal health information, which you promised to protect as part of the Health Information Privacy Rule, there are a few things you must know.

First, a little background information on HIPAA: US Congress established the Health Insurance Portability and Accountability Act in 1996. They implemented Title II: Preventing Health Care Fraud and Abuse to protect a patient’s private health information (PHI).

Under this act, all healthcare providers, insurers, and their business associates may only collect, share, or use a patient’s PHI in approved methods and only for the explicit purpose of furthering patient care.

PHI is defined as demographic information; medical history; test and laboratory results; insurance information; and any other data health professionals collect to identify individual patients and determine their appropriate care.

A HIPAA violation can be anything from discussing identifiable patient information with your friends over lunch to leaving your not-password-protected work laptop open at a coffee shop. And, if you are found to have committed wrongful disclosure of individually identifiable health information, there are financial and criminal repercussions—including fines of up to $50,000 and one-year imprisonment.

Serious stuff, yes. But none of this is meant to scare you. There are plenty of ways to arm yourself with the knowledge and internal processes necessary to ensure you and your clinic are fully HIPAA compliant. Plus, CMS knows that mistakes happen. Should you ever run into a situation where you think there may have been a potential HIPAA breach, this document explains who to notify and when.

So what are some best practices you can employ in your clinic to ensure HIPAA compliance? Here are three tips.

  1. Learn. There are tons of online resources available with explicit definitions, case studies, and trainings. Granted, the language can often be convoluted and masked in legalese, but it’s worth spending an afternoon scouring the web. Here are a few resources we’ve found helpful in understanding the beast-that-is-HIPAA.
    1. Ten Secrets to Effective HIPAA Training: Teach Your Staff to Trust the System
    2. HIPAA/HITECH Compliance Training
    3. HIPAA Survival Guide
  2. Teach. The knowledge you’ve gained in your research should not stop with you. Everyone at your clinic—from fellow therapists to your front office staff—should know all there is to know about HIPAA. And that goes beyond just understanding the seriousness of the act; your staff should also understand why it’s in place and be able to communicate this to your patients. Congress didn’t create HIPAA to make healthcare providers’ lives more difficult; nor did they institute it to add obstacles preventing patients from accessing their own health information. HIPAA is intended to protect patients from having their private information stolen and used against them—whether that be identity fraud or workplace discrimination. To ensure maximum compliance in your office, consider appointing a HIPAA compliance officer or trying one of these other 6 ways to make your office HIPAA compliant from Yahoo!
  3. Take it to the cloud. Most cloud-based EMR systems (like WebPT) provide unique user IDs and passwords for each therapist, therapist assistant, front-office staff, and administrator, allowing you (the clinic owner) to control access to your patients’ private information. And with secure data houses—like our IO Data Center in Phoenix, which boasts a defensible perimeter, digital video surveillance, biometric screening, and 24x7xForever guard staff—there is practically no threat of a physical or hacker-caused breach. Learn more about our gold-standard security here.

Those are our tips. What are yours? How do you hold your staff accountable? How do you ensure HIPAA compliance in your clinic? Share below in the comments section. Together, we can help everyone in the rehab community remain compliant.
