HIPAA Compliance

HIPAA FAQ

A list of frequently asked questions about HIPAA is available on this page, but please feel free to contact Azalea Health for consultation or with any questions you may have about HIPAA, as we have a HIPAA Compliance Officer on staff.

You can visit the U.S. Department of Health & Human Services website for more information about HIPAA policies and regulations.

Who must comply with HIPAA?

As required, the final regulation covers health plans, healthcare clearinghouses, and those healthcare providers that conduct financial and administrative transactions electronically. Those that are not doing electronic transactions are still mandated to comply with HIPAA rules.

What kind of information is protected?

All medical records and other individually identifiable health information used or disclosed by a covered entity in any form, whether electronically, on paper, or orally, are covered by the final rule.

What measures must be taken to protect information?

The Privacy Rule generally requires covered entities to take reasonable steps to limit the use, disclosure of, and requests for Protected Health Information to the minimum necessary to accomplish the intended purpose. Access to Azalea products is permission-based, giving you the ability to completely control and monitor the amount of patient information each member of your staff may access.

Who enforces HIPAA?

The Department of Health and Human Services will be responsible for determining if institutions are HIPAA-compliant as well as for assessing penalties and fines for violations.

We work very closely with specialists and need to fax patient information to them. Is this allowed?

Yes, but every fax needs to have a confidentiality statement saying that protected health information is enclosed, and it should request that the recipient send the fax back to you if they are not the designated person.

Are we allowed to send recall cards?

Absolutely. Just show the date, time of the appointment, and premedication information. Never be specific as to what the medication is or what the procedure is for that day. If you need to mention anything that’s considered confidential, mail the card in an envelope.

Are we allowed to call out a patient’s name in the reception room?

Yes, as long as you don’t mention why the patient is there.

We have plastic holders outside each of our operating rooms. Are we allowed to keep patient folders there?

Yes, as long as other patients cannot see any personal information, and as long as patients don’t have free access to the area where these may be displayed.

What is allowed on the outside of a patient’s chart?

You should have as little information as possible on the outside.

Are sign-in sheets allowed?

Yes, as long as the only information shown is the patient name.

When calling to confirm a patient’s appointment, can staff leave a message on his or her answering machine?

Yes, unless the patient specifically asks you not to leave messages. The same policy should be followed with regard to leaving a reminder with a family member. You may only mention the day and time of the appointment.