HIPAA is no longer an unknown acronym – just ask anyone who has seen a physician in the last couple of years and they will tell you about the forms they have to sign now (and they never did this before with so much frequency). They will also tell you that HIPAA is the law that keeps their medical information safe. HIM managers and clinic administrators know there is some truth to this statement, but the real truth to keeping Protected Health Information. (PHI safe lies in the hands of those who have access to it.

While not frequent, unauthorized disclosures are a reality that we have to live with. For example, if a record is misfi led, copies of the misfi led records might get sent to the requester. In another scenario, if the wrong patient is identifi ed and his or her chart is pulled, the wrong records might be copied and sent. My job as Privacy Officer is to ensure that these incidents happen with less frequency and that each incident is reported.

We realize our responsibility in the chain of events that could lead to an unauthorized disclosure of protected health information. Iʼd like to explain what weʼve done to minimize the chances of protected health information being disclosed to the wrong party.

Each employee of CM Information Specialists has written a goal stating what they will do to keep PHI safe. By writing a goal, each person is committed to, and aware of, their role in keeping PHI safe. Each supervisor and manager has also created a plan to keep PHI safe and reduce the mistakes that can be made when handling PHI. The plans are concrete, measurable and detailed.

Goals and plan details written by supervisors and managers, along with employee awareness, creates a full circle of accountability and practice to reduce errors and unauthorized disclosures of PHI. We have also created procedures that involve our “best practices.” One best practice example is that we do not fax records to a patientʼs place of employment.

We also ask that requests from insurance companies and attorneys have a cover letter explaining who is asking for the copies of records and a complete address of where the records are to be sent. We verify the identity of the patient fi rst by checking the date of birth on the request with the date of birth in the record, but we look for other identifi ers as well. We compare the patientʼs signatures, verify the patientʼs insurance carrier, and perform other checks before releasing the records – all with the goal of keeping PHI safe.

As the general public gains more information about HIPAA and becomes aware of the risks of having their personal information stored with physicians, banks, and businesses, so will the need to have this information “buttoned down.” We understand our obligations to you, our clients, and we understand what we can do to minimize the risk of disclosing PHI and personal information about your patients. You have our goals, our plans and our commitment – not just from CM Information Specialists management, but also from each of our dedicated employees – to protect your patientʼs confidential information.