The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protects identifiable information being used to analyze patient safety events and improve patient safety.

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996 and requires covered entities to implement policies and procedures that specify the proper manner in which workstation functions are performed to maintain confidentiality of Protected Health Information (PHI). Any information about a patient that is written, saved on a computer or electronic media (disks, CD’s, etc.) or is spoken is Protected Health Information (PHI). PHI includes other pieces of information including name, age, address, social security numbers, diagnosis, medical history, medical record numbers, observations of health, any unique identifier, or the fact that the patient is in the hospital or medical facility to begin with.

The only cases where it is allowed to share information with the patient’s family, friends, or anyone else without written authorization from the patient is if the person requesting the information is the patient’s guardian, Healthcare Power of Attorney or next of kin if the patient is incapacitated, for hospital operations or when there is a legal duty or obligation to report information (such as child abuse or under a court order, among others).

Hospitals and Healthcare organizations: Remember to require your language service providers to readily provide you access to interpreter records so that you can then be compliant with Joint Commission standards. As compliance coordinator our healthcare clients require me to provide interpreter information which is available to them online. They are able to view all interpreter records at any time, including completed HIPAA tests, TB tests, current flu shot, immunization records, and background checks.