
HIPAA applies federal law to protect patients

by Mike Wheeler and Sharon Knowles
MUSC and MUHA Privacy Officers
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule was implemented in April of this year. This privacy rule provides federal law to protect privacy and confidentiality by preventing the release of an individual’s private health information.

Medical information can be released to organizations outside of the MUSC Organized Health Care Arrangement (OHCA) for treatment, payment, and health care operations. Everyone knows the definition of treatment and payment, but the definition of health care operations is extremely broad and complex.

Health care operations include numerous activities ranging from quality improvement activities to business planning.  Also included in the definition of health care operations is conducting training programs in which students, trainees, or practitioners in areas of health care learn under supervision to practice or improve their skills as health care providers, training of non-health care professionals, accreditation, certification, licensing, or credentialing activities. 

At the medical university, all of our students reviewing private health information complete HIPAA Privacy Rule training. In addition, the Medical University (MUSC) and the MUSC Hospital Authority (MUHA) also sponsor academic guests who need to be aware of the requirements of the HIPAA Privacy Rule. Examples of academic guests are a student in a high school mentoring program, a medical doctor interviewing for one of our residency programs, or a practitioner learning a new procedural technique.

Anyone sponsoring an academic guest is responsible for stressing and ensuring that the academic guest realizes the significance of maintaining established safeguards when reviewing private health information, in both written and oral communication. The consequence of failing to do so could be a loss of patient privacy.

The following are three examples of meeting the HIPAA Privacy Rule requirements for academic guests. 

1) For a high school mentoring program, the sponsoring individual will brief the student on the importance of maintaining our patients’ privacy. The high school student should never access medical records, but may have some type of incidental exposure to private health information, for example, by overhearing the sponsor discuss a patient’s health condition.

2) For a medical doctor interviewing to obtain a position in one of our residency programs, the sponsor will need to ask the resident applicant if they have completed HIPAA Privacy Rule training at another institution prior to the applicant accessing any personal health information (for example, viewing an X-ray with a patient’s name on the X-ray). If the applicant has not received any prior HIPAA Privacy Rule training from another institution, the resident applicant would need to complete the web-based HIPAA Privacy Rule training module. This module takes less than fifteen minutes to complete. 

Remember, foreign students do not receive training in HIPAA Privacy Rule requirements, so these students would need to complete the Web-based training module prior to accessing private health information.

The URL to complete the Web-based training module is http://www.musc.edu/hipaa.

3) For a practitioner from another institution to receive training in a new procedural technique, the sponsor will need to ask the practitioner if they completed HIPAA Privacy Rule training at another institution. If the practitioner has not received any prior HIPAA Privacy Rule training from another institution, the practitioner would also need to complete the Web-based HIPAA Privacy Rule training module. 

In addition, important information to remember about academic guests and private health information includes:

  • Do not supply computer passwords to any academic guest in order for them to access computerized medical record systems;
  • The academic guest will not copy any of our patients’ medical records; and
  • No patient information will be entered into an academic guest’s laptop or handheld computer/organizer (for example, a Palm Pilot).


If you have any questions concerning the training requirements for academic guests, contact one of the MUSC or MUHA privacy officers.
 

Catalyst Online is published weekly, updated as needed and improved from time to time by the MUSC Office of Public Relations for the faculty, employees and students of the Medical University of South Carolina. Catalyst Online editor, Kim Draughn, can be reached at 792-4107 or by email, catalyst@musc.edu. Editorial copy can be submitted to Catalyst Online and to The Catalyst in print by fax, 792-6723, or by email to petersnd@musc.edu or catalyst@musc.edu. To place an ad in The Catalyst hardcopy, call Community Press at 849-1778.