Tuesday, September 25, 2012

Jitesh Chawla MD discusses the HIPPA Rule

Dr. Jitesh Chawla feels that in order to stay away from nasty trial lawyers and draining courtroom or legal cases or criminal charges, all providers should know the basics of the HIPPA (Health Insurance Portability and Accountability Act) rule.

Covered Entities


HIPPA contains the Privacy Rule whose goal is to protect healthcare information, especially in this age of health IT where information is exchanged frequently and easily. The first step in learing about HIPPA is  to understand who HIPPA applies towards –called “covered entities”..

  • Health Plans
  • Healthcare Providers (this includes both clinicians and organizations)
  • Healthcare Clearinghouses (process non-standard health info to standardized versions –common in billing claims)

Business associates are entities or individuals, other than the covered entities, that provide services on their behalf and may have access to protected health information either by use or disclosure. The covered entity will need to use a Business Associate Agreement in this case in order to comply with the Privacy Rule. But the next question is what is protected health information.

PHI (Protected Health Information)


health information that is individually identifiable health information is one, including demographic data, that relates to:

  • The provision of health care to the individual
  • The individual’s past, present or future physical or mental health or condition,
  • The past, present, or future payment for the provision of health care to the individual
  • Anything that can be reasonably used to identify the individual

Common examples include full name, address, birth date, Social Security Number. Even photos can be included as such information.

Hypothetical Patient Jitesh Chawla’s Photo (unauthorized sharing of this could be a violation of HIPPA in some circumstances)





Penalties for non-compliance




These are classified into different degrees of offense.

1) Not more than $50,000, imprisoned greater than 1 year, or both;

(2) If done under false pretenses, fine shall not exceed $100,000, imprisoned not more than 5 years, or both

(3) If the intention is to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or to maliciously harm another, cannot be fine more $250,000, imprisoned not more than 10 years, or both.

Tips to stay out of trouble


1) Abstain from talking about patients in hallways, elevators or where others not involved in care are there

2) If using an electronic medical record, log off the software or the operating system when not using

3) Don’t share PHI in emails, on voicemails or jot down on notes/stickies which can be picked up by others

4) If an organization, make sure all new patients are given HIPPA paperwork, employees sign confidentiality agreements while being hired and 3rd parties you enter with sign Business Associate Agreements.

You can never prevent all bad situations, particulary in Health Care, but with this knowledge and advice Dr. Jitesh Chawla hopes that meeting trial lawyers or courtrooms for violation of the Privacy Rule is nothing but a bad dream for you.

Please check out my new video on Patient Centered Medical Home at:
http://www.youtube.com/watch?v=FqLH7w9efqI

No comments:

Post a Comment