Issue link: https://www.massageandbodyworkdigital.com/i/1128556
Ta k e 5 a n d t r y t h e A B M P F i v e - M i n u t e M u s c l e s a t w w w. a b m p . c o m / f i v e - m i n u t e - m u s c l e s . 75 WHAT IS PHI? To clarify what constitutes protected health information (PHI), listed below are 18 "personal identifiers" that individually—or linked with any other personal identifier—could reveal the identity of an individual, their medical history, or payment history: • Account numbers • Certificate or license numbers • Dates directly related to an individual • Device identifiers and serial numbers • Email addresses • Fax numbers • Fingerprints, retinal prints, and voice prints • Full face or any comparable photographic images • Geographical identifiers • Health insurance beneficiary numbers • IP addresses • Medical record numbers • Names or parts of names • Phone numbers • Social Security numbers • Any other unique identifying characteristic (tattoos, birthmarks, etc.) • Vehicle license plate numbers • Web URLs Adapted from HIPAA Journal. "HIPAA Explained." Accessed June 2019. www.hipaajournal.com/hipaa-explained. a waiver, do not include any clients on social media posts or other marketing materials. HAVE THERE BEEN ANY HIPAA UPDATES? Although HIPA A was enacted in 1996, there have been just a handful of updates. The most notable updates were the introduction of the HIPA A Privacy Rule and Security Rule in 2003, the HIPA A Enforcement Rule in 2006, the incorporation of Health Information Technology for Economic and Clinical Health Act (HITECH Act) requirements in 2009, and the HIPA A Omnibus Final Rule in 2013. Following are some of the most prominent changes. Business Associates Business associates are no longer just employees but may be third parties, including outside billing firms, transcription services, collection agencies, data backup firms, etc., that might have access to PHI. Your practice is now liable for the actions of any business associates. Marketing Marketing now includes any communication regarding a treatment or service offered by a third party where you or your business associate will be compensated. If this occurs, your client needs to authorize the marketing effort before it begins. Selling Information Disclosing PHI for payment must be authorized by your client in advance, and the authorization must disclose (in writing) that you are being compensated for providing PHI. Note that compensation is not strictly monetary; it can also be in the form of goods and services. Patient Privacy Notices Several modifications to patient privacy notices occurred in the 2013 update. One change is to communicate to patients how their PHI will be used. Also, patients are entitled to receive a copy of their PHI in an electronic form within 30 days instead of 90. Patient-Directed PHI Restrictions Patients may now restrict certain disclosures of their PHI to their health plan or insurance carrier if they pay for services out of pocket. Monetary Penalties A single violation penalty ranges from $100 to $50,000, depending on the perceived level of culpability. Violations can be added together, though, until they reach a cap of $1.5 million per calendar year.