Healthcare Privacy -- The Evolving Frontier

Under privacy rules required by the Health Insurance Portability and Accountability Act (HIPAA), doctors and hospitals must obtain written permission before using or releasing a patient's records. Healthcare service providers must also be prepared to:
- Provide patients with a "disclosure history" detailing who has accessed their medical records and how the information was used
- Permit patients to review the contents of their medical records
- Permit patients to correct errors
- Maintain their recordkeeping systems according to particular security standards
- Train employees on privacy compliance issues

Intentional information disclosures without patient consent will be a criminal offense, with penalties of $50,000 and one year in prison. Disclosure with intent to sell can earn a $250,000 fine and up to 10 years in prison.

If you are a doctor, hospital, HMO, insurance provider, or a service provider to the healthcare industry, you have substantial compliance hurdles to overcome, and you have little time to waste. PrivacyClue's consultants can help you design data-handling procedures, "permissioning" processes, and employee training programs, and can advise on compliant technologies that can help you get ahead and stay ahead of the curve.