What is HIPAA?: A Brief Explanation
HIPAA is The Health Insurance Portability and Accountability Act of 1996. The Act was signed into law by President Bill Clinton in 1996. The aim of the Act is to ensure that employees who work for American companies can retain their health insurance coverage while moving to different jobs or positions. The Act also includes guidelines for protecting medical information and personal individual details, known as Protected Health Information (PHI).
HIPAA and PHI
Understanding HIPAA is an integral part of working in any medical setting. HIPAA regulates virtually every aspect of the healthcare experience as a whole in America. The act includes provisions for health insurance coverage both while employed and when between jobs, paid/guaranteed leave; FMLA, the distribution of health and personal information (PHI). The regulation of covered entities (defined as any companies, groups, or individuals who come into contact with PHI); and medical billing. The most relevant part of the Act for an interpreter or member of the public who frequently works with interpreters is the Privacy Rule.
According to the US Department of Health and Human Services, the Privacy Rule (also known as the Standards for Privacy of Individually Identifiable Health Information) sets national standards for the protection of health and patient information. The rule applies to anyone with access to Protected Health Information.
Protected Health Information (PHI) covers all the details that can be used to identify a patient.
In addition to the first name, last name, address, birth date, demographics, and social security number, PHI includes:
- An individual’s past, present, or future physical or mental health or condition
- Details about the provision of health care to the individual (appointment schedules, names of the patient’s providers, etc.)
- The past, present, or future payment for the provision of health care, including both paid and unpaid bills
So how does HIPAA affect a Medical Interpreter’s job on a daily basis?
The goal of the Privacy Rule is to protect patient information and confidentiality.
To limit the risk of non-compliance, a medical interpreter should always avoid:
- Discussing patient details (PHI) with anyone other than the clinical staff directly involved with the patient.
- If the interpreter needs to disclose, or discuss, confidential information to one of these pre-approved individuals the interpreter must make sure that there is no one else in the room. The door must also be closed. Medical facilities are typically able to provide private spaces for this purpose.
- Using a patient’s full name in unprotected e-mails or public phone calls.
- If the Medical Interpreter is ever in doubt, we suggest using a case number as a first line of action. They should call their Project Manager to confirm a patient’s case number if it’s not listed on your timesheet.
- If the Project Manager lets the interpreter know that the patient doesn’t have a case number (usually linked to the medical facility database), the interpreter can reference the assignment number on your timesheet.
- Telephone calls to the Project Manager should always be made in private. If that’s not possible, using patient initials during the call is the next best course of action.
- Throwing away any paper that includes PHI (for example: work orders/contracts, as they contain the patient’s name).
- These documents should go into a secure, HIPAA compliant shredder. These shredders are readily accessible in medical facilities. Any clinician will be able to direct the medical interpreter to the nearest shredder.
- Furthermore, interpreters should destroy these documents in front of both the provider and patient at the end of each of their interpreting session.
If an interpreter has questions about whether the information is protected by HIPAA; or if they need to report a significant detail and aren’t sure whether or not it’s classified as PHI, we recommend erring on the side of caution.
The interpreter can speak with the clinician directly responsible for the patient’s case; in a private room with a closed door. No information can be discussed about any patient (s) outside of the assignment time boundaries. The only exception to this regulation is for information that falls under the guidelines of “Mandatory Reported Subjects”. Including if upon further reflection after the assignment the interpreter determines a patient might be a danger; to themselves or others. Reported or suspected sexual or physical abuse is another exception that must be discussed with the primary clinician at the first opportunity.
If an interpreter is concerned that they have accidentally violated HIPAA, they must immediately contact their Interpreting Project Manager. The Project Manager will assess the situation and determine if further action is necessary.