When it comes to keeping your independent practice HIPAA compliant there can be a lot of questions when it gets down to the nitty gritty of the Privacy and Security Rules. Whether it's training your staff, implementing physical safeguards, or managing your optometry office software processes it can be a lot to take care of! We picked out 5 common questions from HHS.gov to discuss today.
Let's start by remembering how the U.S. Deparment of Health and Human Services defines both rules.
The HIPAA Privacy Rule requires reasonable and appropriate safeguards to protect the privacy of personal health information, and limits the conditions on the uses and disclosures made without patient authorization, while also giving patients the right to their own health information.
The HIPAA Security Rule establishes national standards to protect personal health information that is created, received, used, or maintained by a covered entity. It require appropriate administrative, physical, and technical safeguards to ensure integrity of protected health information.
Manage Your Optometry Office Software with Help from These Common HIPAA Questions
Does the Privacy Rule permit healthcare providers to use email to discuss health issues and treatment 
with patients?
Yes, the Privacy Rule allows your practice to communicate electronically, with email, provided you're applying reasonable safeguards when doing so. So what are considered "reasonable safeguards"?
- Checking email for accuracy before sending
- Sending an email alert to the patient for address confirmation prior to sending the full message
- Limiting the amount or type of information disclosed through email
- Encryption (not required, but recommended)
How can a small provider implement the standards in the Security Rule?
The Security Rule is flexible in that it allows covered entities to take into account their size, capabilities, and costs when planning their security measures. Small provders can assess their security risks through an assessment to help determine any additional measures that may need to be taken to ensure they are meeting the standards.
In general, what does the HIPAA Privacy Rule require the average provider to do?
- Notify patients about their privacy rights and how their info can be used
- Implement privacy procedures for the practice
- Train employees to understand and comply with procedures
- Secure patient records so they aren't accessible to others
Do the standards of the Security Rule require the use of specific technologies?
No. Your practice is free to choose any technologies to use in your practice. The standards were designed to be technology neutral in order to facilitate the wide range of technologies that meet the needs of different practices.
Does the Security Rule permit a covered entity to assign the same log in ID to multiple employees?
Regardless of size, all practices are required to assign unique names for identifying and tracking user identity.
Get the latest news and information sent straight to your inbox by subscribing to the blog today!
