HIPAA: Round Two
The Security Rule associated with the Health Insurance Portability and Accountability Act (HIPAA) became effective on April 21. The HIPAA Privacy Rule took effect two years ago and applies to all forms of protected health information (PHI). The Security and Privacy rules are closely related, but the Security Rule applies only to PHI maintained or transmitted in electronic form.
All staff are required to complete the proper training. To access the training materials, nurses can go to T3 to document their participation in and completion of the course. Policies and procedures are available on BWH Pike Notes in the Compliance Corner for HIPAA. Questions can be directed to the BWH HIPAA Security Office.
Identifiable health information may be shared among caregivers for the purposes of treatment, payment or health care operations. Health care operations include QA/QI, utilization review, disease management, credentialing, and auditing. Any other use or disclosure of PHI (e.g., research or marketing) requires the written authorization and consent of the patient.
Emails containing PHI should be limited to instances of absolute necessity. An email is NOT protected once it goes beyond the BWH firewall. Include the PHS disclaimer on your outgoing messages. For information on email use, refer to the Clinical Email Guidelines in the BWH Administrative Policy Manual.