Do you know where and how your personal health information is being stored when you go for your annual flu shot?
While the seasonal flu can fluctuate year round, the CDC states that flu season can begin as early as October and continue as late as May. With flu season underway, many are headed to receive their annual flu shot. Getting your flu shot is a lot easier than before, as the availability of this vaccine is more widespread; pharmacies now offer various immunizations, which are administered by trained healthcare providers. Pharmacists in all 50 states can, and do, immunize patients.
Do you know where and how your personal health information (PHI) is being stored when you go for yours?
Protecting PHI requires diligence under HIPAA’s Privacy Rule. The Privacy Rule protects a subset of individually identifiable health information, which we know as PHI, that is held or maintained by covered entities or their business associates acting for the covered entity.
SOME EXAMPLES OF PHI INCLUDE:
- Billing information from your doctor
- Vaccination history
- Blood test results
- Phone records
Protecting sensitive information is important, particularly in the healthcare industry. Medical records are full of data that would be an identity thief’s dream come true: names, addresses, social security numbers, health plan information, and so much more. When you go for your annual flu shot, a lot of this information is stored so that health practitioners and trained staff can administer the vaccines to the right patient and keep a record of inoculation dates.
The Health Insurance Portability and Accountability Act (HIPAA), which was passed by Congress in 1996, contains provisions designed to protect patient privacy. This is especially important for pharmacies that administer the yearly flu vaccine, as they are also a storefront that deals with customers in addition to patients. The easiest way to maintain HIPAA compliance when it comes to patient privacy is to keep protected health information (PHI) secure and private, set up office policy, and limit the access that businesses outside the practice have to patient information.
Covered entities that collect PHI must adhere to HIPAA rules.
EXAMPLES OF COVERED ENTITIES INCLUDE:
- Doctor offices, dental offices, clinics, psychologists
- Nursing home, pharmacy, hospital or home healthcare agency
- Health plans, insurance companies, HMOs
HIPAA’s Privacy Rule does not include medical record retention requirements, choosing instead to defer to state laws to generally govern how long medical records are to be retained.
Secure paper shredding and hard drive destruction under the confines of HIPAA is the best and most effective way to destroy PHI when it is no longer relevant. More than 40 Federal laws mandate that all business, healthcare, and financial institutions protect the confidential information of their clientele.
Keep your compliance in check this flu season by destroying old records when necessary and maintaining a stringent sharps disposal plan.