Earlier this year, you may have heard about the teen with the rare and expensive medical condition that’s putting pressure on Iowa’s individual insurance market. When you read those headlines, did it make you think about HIPAA privacy? It should have.
In a public speech, an Iowa insurance executive used the teen’s case as an example to explain the rising cost of insurance. The Des Moines Register reported on that speech and the story spread across the nation. As a result, a patients’ rights group has filed a claim with HHS alleging a violation of the teen’s privacy rights. At issue are the specific facts the executive used in her example-- age, gender, and condition-- and whether that’s enough information for the patient to be identified. Under HIPAA, pairing something like a date of birth or the city where someone resides, with health-related information, is enough to create protected health information (PHI).
Regardless of the outcome, this compliant serves as a good reminder since self-insured plans are HIPAA covered-entities. If you have access to PHI remain diligent in ensuring that health information remains protected. If you’re ever questioning whether you’ve done enough to de-identify information you’re sharing, you probably haven’t.
Go to full article: www.desmoinesregister.com