Florida HIPAA Training Lawyer
Health Insurance Portability and Accountability Act (HIPAA) Compliance and Training
With the expansion of digital health information, following best practices to protect an individual’s health information is more important than ever. Not only do federal and state law require mechanisms that protect patient health information, but having them can improve the quality of service you are able to provide to your patients/clients. A patient who is worried about how their health information is handled may withhold that information, and that can have life-threatening results. Conversely, when your clients trust you with their health information, they will be more comfortable sharing it with you, and a more accurate picture of their health allows you to render better service.
To build clients’ trust, and to comply with state and federal law, companies working with protected health information must take steps to keep that information safe. This includes putting policies in place to maintain accurate patient records, protect clients’ privacy and information, and educate staff on the importance of maintaining confidentiality. It is not just good business practice – it is required under the law.
Under the Health Insurance Portability and Accountability Act (HIPAA), it is not just doctors’ offices or hospitals that are accountable under federal regulations pertaining to protected health information – it is the entities they work with, as well. Importantly, in addition to “Covered Entities” (CEs) being responsible for complying with federal HIPAA regulations, Business Associates (BAs) are also required to comply with these regulations. Business Associates include companies working with Covered Entities, like a claims processing company or a quality assurance company, and span many fields – like a law firm, web designer, consultant, or accounting firm providing services to a Covered Entity. Failure to comply with federal HIPAA regulations can have hefty consequences, with penalties for violations reaching above $1,000,000.
Florida Information Protection Act of 2014 (FIPA)
In addition to HIPAA, many states have passed laws expanding the privacy protection requirements for entities that acquire, maintain, store, or use personal information. While HIPAA, as federal law, creates minimum standards that a company must meet for handling protected health information, FIPA, a state law, has stricter requirements. HIPAA protects only protected health information. FIPA is not limited to patient information; it also covers personal information that some companies maintain for non-patients – like the driver’s license number of a patient/client’s partner or caretaker, or employment records with employee names. Companies doing business in Florida, or with clients/patients in Florida, that handle protected health information must be compliant with FIPA regulations.
Under FIPA, personal information includes:
- an individual’s first name or first initial combined with the individual’s last name, in combination with any of the following:
  - a social security number;
  - a driver’s license number or other similar number from a government-issued ID; or
  - a financial account number or credit or debit card number combined with the required security code.
Personal information also includes any information about:
- an individual’s medical history;
- mental or physical condition; or
- medical treatment or diagnosis by a healthcare professional; or
- an individual’s health insurance policy number or subscriber identification number, along with any unique identifier used by a health insurer to identify the individual; or
- any personal login information that would permit access to a person’s online account (like login information for social media sites or applications, regardless of whether such sites include more traditional forms of personal information).
Personal information excludes information already made public or information that is encrypted in some fashion. As with HIPAA, failure to comply with FIPA regulations (including breach notification requirements) can result in sizable fines, among other penalties.
So What Does it Take to Comply with HIPAA and FIPA Regulations?
First, education. While compliance requirements may differ depending on whether you are a CE or a BA, the first step in compliance is education (it is required by law). You and your staff (and anyone handling your clients’ protected health information) need to understand how to handle that information. This includes, for example, how it may (and may not) be disclosed, how it may be transmitted (for instance: can you text protected health information? E-mail it?), how long the records should be maintained, how they may be disposed of, and most importantly – what to do if there is a breach.
The most effective way to educate your staff on HIPAA Regulations and protocols is through HIPAA Training.
Contact Scott Wagner and Associates to Schedule HIPAA Training
At Scott Wagner and Associates, our firm provides HIPAA Training to companies of all sizes worldwide. We offer e-training/video conference training as well as in-person training at your location. We craft our training to meet your business needs, incorporate your company policies and mission, and make it fun. We also provide HIPAA Privacy Manuals to keep your company in compliance. HIPAA and FIPA compliance does not have to be difficult. Contact us today for a consultation and to discuss options for training and HIPAA Manuals.