Spring ‘20: Health Care Law
HIPAA Compliance 2020 BY Lisa Pierce Reisz
Is Your Patients’ Health Information Secure? The Health Insurance Portability and Accountability Act of 1996, or HIPAA, established rules for maintaining the privacy and the security of protected health information, or PHI. PHI is any information that is held by a covered entity regarding health status, provision of health care or health care payment that can be linked to any individual. These rules apply to “Covered Entities,” which include health plans, health care clearinghouses (such as billing services and community health information systems) and health care providers that transmit health care data in a way regulated by HIPAA.
Although HIPAA is now over 20 years old, compliance in 2020 has never been more important. Today, most health care providers have completed the transition from paper records to electronic health records. Therefore, this means that health care providers must be prepared to protect the privacy and security of their old paper records as well as the protected health information contained in their electronic health records, or ePHI. Further, in light of the exponential proliferation of data, health care providers must be cognizant of the risks to data posed by their own use, collection and storage of ePHI. Thus, HIPAA compliance by health care providers has never been more important to protect the privacy and security of their patients’ information. As a preliminary matter, HIPAA compliance starts with a health care provider understanding the universe of its patient data. Health care providers cannot secure
36 | Columbus Bar L aw yers Quarterly Spring 2020
