HIPAA Compliance and IPS Compounding
The Health Insurance Portability and Accountability Act set forth in 1996 created national privacy standards for your health information. The goal of the act was to protect individual health information from falling into the wrong hands. At the heart of the act was an effort to put patients in control of their personal health information. HIPAA gave them more control. So what type of information is protected?
- Information regarding past and present medical conditions
- Mental health
- Date of birth
- Emergency contact information
In other words, anything on your health record that may easily identify you is kept from prying eyes. So rest assured, things like chronic diseases, diagnostic tests, screenings, and delicate items like illnesses or major surgery dates are kept confidential. In addition, your extended family health history, allergies (including drug allergies), and any medications you take are protected within these parameters as well.
Your Rights under HIPAA
Furthermore, you have the right to know what type of information is shared with other healthcare providers. This includes health organizations like your primary care physician, pharmacy, lab or any other business entity that has seen or shared your health record. Also, you have the right to request a copy of the types of protected information any entity enters on your health record. Typically, you can request a paper copy, digital copy or both. Of course, compounding pharmacies, like IPS Compounding, fall under the auspices of HIPAA regulations too. As such, there are certain standards we must follow.
Our Obligation to HIPAA
For instance, now that we live in a digital age, your health information will probably be transmitted in some sort of electronic format. As such, IPS Compounding has to comply with the Department of Health and Human Services legal standards when sharing that information. Yet, the scope is broader too. In addition to any federal regulations surrounding your health information and its privacy, state laws also come into play. These vary from state to state, so it’s important to get a copy of your state’s specific HIPAA laws to make sure your information is being shared among health care providers in a compliant manner.
What Type of Health Information May be Disclosed?
Typically, a pharmacy like IPS Compounding may disclose your health record in an effort to treat your medical condition (for instance if they need to speak with your doctor about wound care treatment on your behalf) or pay for certain medicines/equipment you may need. In addition, third-party processors may require information in order to send you a bill since they supply the pharmacy with your supplies. Ultimately, IPS Compounding can disclose information to any of the following:
- The U.S. Food and Drug Administration
- Military Personnel
- Coroners or Medical Examiners
- Public Health Agencies
- Law Enforcement
- Any family member or individual responsible for your care
However, the key to disclosure is your consent. IPS Compounding must obtain written authorization from you before we can disclose any information to the entities listed above or other entities allowed by the HIPAA Privacy Act. If consent is not given, a violation occurs.
Also, remember your additional protections under state law. For instance, certain items like substance abuse/alcohol abuse history, mental health records, or HIV treatment information will often have additional protection under your state HIPAA law.
Taking Control of Your Health Information
Finally, pharmacies must remain current on HIPAA regulations (and they can change often). Therefore, make sure to have a conversation with your pharmacist about safety provisions in place to protect your information and keep it confidential. Some safeguards include things like data encryption, administrative policies and physical limits on who has access to your health information.
In addition, feel free to ask about the distributors and drug supply partnerships your pharmacy maintains. They must maintain HIPAA compliance too. Privacy laws apply to associate relationships, including health insurance companies, billing, and claims processing services. The most common violations involve failure on the part of the business associate to obtain written authorization.
Other common violations include unencrypted data, or worse, a data breach. Depending on violation severity, penalties range between fines and criminal charges. With that said, if you have any questions, IPS Compounding will be happy to explain how we protect and share your information within the HIPAA framework.