HIPAA Tip: HIPAA Myths
Myth #1: Emailing patient data or Protected Health Information (PHI) is covered by the HIPAA Rule but text messaging is not. This could not be further from the truth! Email and text messages are both considered forms of electronic communications under HIPAA and must comply with the HIPAA Privacy and Security Rules.
Myth #2: Healthcare providers can share health information with employers. Employers must have the ability to research health information about their employees. However, HIPAA prohibits healthcare providers from disclosing personal health information to employers without the patient’s consent.
Myth #3: The HIPAA Privacy Rule applies only to electronic patient records. HIPAA covers all patient records, regardless of whether they are in paper or electronic form. As long as the information can be stored, handled, transmitted, stolen, or breached, the information needs to be protected per HIPAA regulations.
Myth #4: If contracts are in place for hardware, software vendors, billers, and third parties engaged with the healthcare company, it is not necessary to have HIPAA Business Associate Agreements in addition to the contracts. Business Associate Agreements (BAAs) are a HIPAA requirement committing the Covered Entity’s Business Associate to abide by HIPAA rules and regulations as they apply to the Business Associate and their business operations.
Myth #5: A small healthcare practice does not need to follow the HIPAA Rules because most of HIPAA applies to large organizations, healthcare clearinghouses, and hospitals. ALL Covered Entities and their Business Associates must follow the Privacy, Security, Breach Notification, and Omnibus Rules under HIPAA.
Take the first step to staying compliant – a risk analysis from ANATOMY_IT.