What is Required for a HIPAA Compliant Ophthalmology Practice?
As a HIPAA covered entity, it is essential for Ophthalmology practices to be HIPAA compliant. To be HIPAA compliant, you must follow the rules and regulations outlined in the HIPAA Privacy, Security, and Breach Notification Rules.
Each of these Rules comes with a specific set of standards to ensure protected health information (PHI) use and disclosure is limited to only authorized parties.
HIPAA Privacy Rule
The HIPAA Privacy Rule regulates the use and disclosure of PHI. To comply with the Privacy Rule, HIPAA compliant Ophthalmologists must limit PHI use and disclosure, provide patients with a Notice of Privacy Practices, and grant patients access to their medical records.
Minimum Necessary Standard
The HIPAA minimum necessary standard requires healthcare providers to limit the use and disclosure of PHI to the minimum needed to perform specific job functions. In other words, not all employees need the same level of access to information to perform their assigned jobs.
For example, an Ophthalmologist likely needs access to a patient’s entire medical history to perform their job successfully. A Physician Assistant or Optometrist in the same practice may not need the same level of access to the chart.
An Office Manager would also require a different level of access to a patient’s chart, limited to the information they need to book patient appointments, accept payment for the visit, and submit claims to the patient’s health insurance provider.
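One way to enforce the role-based access split described above in an EHR or practice-management system is a field-level "minimum necessary" filter. The example below is added here and is not code from the original article; the role names, chart sections and the policy mapping roles to sections are assumptions chosen to mirror the ophthalmologist, optometrist and office manager cases in the text.

```python
# Added example: a minimum-necessary filter over a patient chart.
# Section groupings and role policy are assumptions, not HIPAA text.
from typing import Dict, List, Set

# Chart fields grouped by the kind of information they hold (assumed).
CHART_SECTIONS: Dict[str, Set[str]] = {
    "history":    {"medical_history", "medications", "allergies"},
    "exam":       {"exam_notes", "refraction", "imaging"},
    "scheduling": {"name", "phone", "appointment_times"},
    "billing":    {"name", "insurance_id", "visit_charges", "claim_status"},
}

# Which sections each job function may see (assumed policy):
# the ophthalmologist needs the whole chart, the optometrist the exam data
# but not the full history, the office manager only scheduling and billing.
ROLE_POLICY: Dict[str, Set[str]] = {
    "ophthalmologist": {"history", "exam", "scheduling", "billing"},
    "optometrist":     {"exam", "scheduling"},
    "office_manager":  {"scheduling", "billing"},
}

# Constructed sample chart used for the demonstration.
SAMPLE_CHART: Dict[str, str] = {
    "name": "Sample Patient", "phone": "555-0100",
    "appointment_times": "2024-03-01 09:00",
    "medical_history": "diabetes type 2", "medications": "metformin",
    "allergies": "none", "exam_notes": "IOP 16/17", "refraction": "-2.00",
    "imaging": "OCT-001", "insurance_id": "INS-EXAMPLE",
    "visit_charges": "120.00", "claim_status": "submitted",
}


def allowed_fields(role: str) -> Set[str]:
    """Fields permitted to a role; unknown roles get nothing (default deny)."""
    sections = ROLE_POLICY.get(role, set())
    return set().union(*(CHART_SECTIONS[s] for s in sections))


def minimum_necessary_view(role: str, chart: Dict[str, str]) -> Dict[str, str]:
    """Return only the chart fields the role is permitted to see."""
    permitted = allowed_fields(role)
    return {k: v for k, v in chart.items() if k in permitted}


def denied_fields(role: str, requested: List[str]) -> List[str]:
    """Requested fields the role may not receive; worth recording in an audit log."""
    permitted = allowed_fields(role)
    return [f for f in requested if f not in permitted]
```

The default-deny behaviour for unrecognised roles is the important edge case: a misconfigured or newly added role yields an empty view rather than the full chart.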