

The HIPAA (Health Insurance Portability and Accountability Act) law was enacted in the United States of America in 1996 to safeguard patients' information so that people can keep their medical records confidential and private. Information covered under the law is known as Protected Health Information (PHI) and is defined as any kind of information which poses a significant risk of financial, reputational or other harm to an individual.

Cherry Imaging software deals with capturing patient information and measurements in very personal detail, in order to deliver better aesthetic medical treatments. It’s important to avoid HIPAA violations, as breaches here can result in severe penalties and fines based on the severity of the breach, from $100 to $50,000 per violation, and up to a maximum of $1.5 million per year for compounded violations. Certain violations can also result in criminal charges that are prosecutable with jail time.

Protected health information includes demographic information, medical histories, test and laboratory results, mental health conditions, insurance information, and other healthcare data that is meant for healthcare professionals and their patients only. If any of this information is personally identifiable, a HIPAA breach may have occurred.

To avoid HIPAA violations, healthcare practitioners and other medical professionals and staff should make reasonable efforts to limit the use and disclosure of PHI to the minimum necessary to perform their duties. Incidental disclosures should be minimized and avoided, in order to keep the confidentiality necessary in the medical profession.

In a technical field like imaging, there are several things that can be done to manage patient images and improve procedures to stay HIPAA-compliant. These include:

  1. Schedule HIPAA training for all employees and staff, to ensure that people are familiar with HIPAA and PHI, and can identify what types of information need to be protected and kept confidential.

  2. Set up user accounts with logins and passwords for each staff member working on the image database, to keep the image database secure and have accountability for the handling of all images.

  3. Ensure that each staff member logs out of their account completely when not using the imaging software and database, to minimize any unauthorized use of each employee’s account.

  4. Don’t store the entire imaging and patient database on a laptop taken outside of the practice or company premises. Transfer only the records needed when making patient visits, and remove them once finished.

  5. When using imaging software in front of patients, ensure that privacy features are used to hide PHI from other patients.

  6. Have a signed contract with all providers for the use of all imaging software and databases, ensuring that HIPAA privacy is covered and that any people outside of the company take the necessary steps to prevent HIPAA violations.

Familiarizing your staff and employees with the ins and outs of HIPAA law can help reduce and prevent costly fines. Cherry Imaging Systems makes every effort to ensure that its software integrates easily into a HIPAA-compliant practice.
