The above represent a short list of penalties imposed within the last year by the U.S. Department of Health and Human Services on covered entities (health care providers, insurers, and others) who have breached the HIPAA Privacy Rule by disclosing a patient’s individually identifiable health information. Just Google “HHS HIPAA Fines” and the results will be staggering.
Bad publicity, costly fines and lengthy litigation can be avoided when information about a patient is de-identified prior to disclosure.
Under the HIPAA Privacy Rule, information can be De-Identified so that the information itself is no longer individually identifiable. The key is the “individual” component of this equation: de-identified informatio can be used and disclosed for a wide variety of purposes without getting the health care entity in hot water with the government.
Health care entities must question the manner in which they obtain, use and disclose information pertaining to their patients. In order to avoid costly litigation and penalties, health care entities should note the following:
1. The law allows de-identified personal information about a patient to be disclosed;
2. The law does not provide a privacy or monetary interest for an individual whose information has been de-identified prior to disclosure; and
3. HIPAA contains guidance as to the appropriate manner in which personal information is de-identified; as long as those rules are followed, the Courts in the U.S. cannot intervene.
Learning how to properly de-identify patient’s personal information in today’s litigious society is crucial. The benefits include avoidance of fines, lawsuits and negative publicity.