The Health Insurance Portability and Accountability Act (HIPAA) outlines protection guidelines for the electronic storage and transfer of individuals' confidential health records. Doctors' offices, hospitals, insurance companies and any other entities that deal directly with a person's medical records are required to follow HIPAA guidelines for protecting that information from unauthorized parties.
How to be HIPAA Compliant
Check all your electronic safeguards, including network encryption, anti-virus software and email encryption. This is likely the most important part of HIPAA compliance, because attackers seek out weak or unprotected networks.
Ask patients to sign forms specifying who is and is not allowed access to their records beyond the standard of doctors and insurance companies. This could include family members, employers or friends whom they trust to view their information.
Verify authorization and identity before releasing information to any person or company. Ask security questions or request personal information such as a Social Security number and date of birth to ensure you are speaking to the correct person. If a form authorizing the release of records is emailed or faxed, check the signature on the form against the patient's signature on file to ensure they match.
Check what type of information the person or company is authorized to receive. Health insurance companies are usually authorized to receive all information, while a patient may want a family member to have access only to certain parts of their medical information.