The HIPAA Privacy Rule has been effective for two years. In that time, we've learned:
- "HIPAA" has one "P" and two "A"s;
- It is possible to comply with HIPAA and share health information necessary for safe, quality patient care;
- HIPAA provides the safeguards needed to protect health information in the electronic age; and
- HIPAA is flexible enough to permit the use of e-mail, laptops, PDAs and other devices.
The HIPAA Security Rule will be effective April 20, 2005. The Security Rule applies to electronic protected health information (ePHI) only, and the standards are more technical in nature than the Privacy Rule standards. The work toward achieving compliance with the standards is nearing completion. More than 60 system administrators in departments and colleges throughout UNMC have been tasked with ensuring the availability and integrity of information systems and databases containing confidential information.
Keep in mind the following tips for safeguarding protected health information:
- Share protected health information on a "need to know" basis only;
- Do not discuss sensitive patient information in public areas where it can be overheard;
- Do not share passwords;
- Dispose of confidential information in recycling containers or shred it; and
- If you are unsure about whether a use or disclosure of PHI is permissible, ask a supervisor or the privacy or information security officer.
Remember, maintaining the privacy and security of health information is everyone's responsibility, and it's good medicine.
Editor's Note: Wrobel serves as UNMC's privacy officer and Welna serves as UNMC's information security officer.