Many of us have visited a doctor’s office. And in many circumstances our doctors visit includes a follow up correspondence of some sort. Whether it was a medical assistant contacting a patient to set up his/her next doctor’s visit, or in some cases a follow up notification from your doctor informing you of the results from a recent office visit, these actions appear to be rather typical and nothing out of the norm.
Although a phone call from your medical physician seems very routine and common, have you ever stopped to think if proper privacy and confidentiality procedures are being practiced?
When these sorts of questions arise, we are quickly reminded on why the Health Insurance Portability and Accountability Act (HIPAA) was implemented. HIPAA was designed primarily to modernize the flow of healthcare information and to stipulate how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, in addition to unauthorized disclosure.
Whenever a physician or a representative on behalf of a physician contacts a patient, that individual should be fully aware of what protocols they must follow as noted in HIPAA. Not too long ago I received a voicemail from an unknown phone number. Upon listening to the voicemail, I discovered that it was a medical physician who accidently contacted me when attempting to contact a patient. It was quite astonishing to realize how common this error may be. Even more surprising is the level of detail information this physician disclosed about their patient’s history.
One may deem this scenario as nothing more than an “honest human error” that was not done maliciously to disclose a patient’s health information to someone else. However even honest human errors can lead to confidential health information being disclosed to unauthorized individuals.
Even more surprising is discovering the amount of health care practitioners who may not be fully aware of all of the HIPAA guidelines that apply to them and their line of business. It is critical for practitioners to be fully aware of the responsibilities they have they when protecting an individual’s health information from unauthorized disclosure.
It is a great idea and good practice for organizations in the healthcare industry to conduct routine HIPAA awareness training to prevent such errors from occurring. Although the physician who contacted me was unaware that I was not their patient, a clearer understanding of HIPAA guidelines could be the very reason that prevents private health information from getting into the wrong person’s hands.