HIPAA: Mind the PHI

A staff member of a medical clinic approaches a patient in the waiting room. Without moving, he explains a medical procedure that he is recommending for the patient. Other people in the room are within earshot of this highly personal communication.

You are probably thinking, what a blatant violation of HIPAA! And you would be right. The staff member broke the Privacy Rule, a part of HIPAA, when he disclosed the patient’s Protected Health Information or PHI to everyone in the waiting room, according to the U.S. Department of Health and Human Services, which uses this incident as a case example.

The government required the rule-breaking medical clinic to create procedures and policies to safeguard PHI. As a result, all staff members received training on how to protect PHI and to take steps to prevent future violations.

Medical clinics must adhere to the Privacy Rule. This means that staff members do not share PHI with anyone unless it is necessary for facilitating a patient’s care.

The rule also covers Business Associates of medical clinics. According to the HIPAA definition, Business Associates are not employees of the clinics, yet the clinics give them access to PHI so they can carry out their services.

Medical transcription services are Business Associates as defined in the HIPAA Privacy Rule. As they transcribe medical records, they must protect the PHI, just as good medical clinics do. Here at Sunrise Transcription, we take our responsibility to protect your patient’s PHI seriously. To learn more, contact us.