10 Facts About HIPAA Compliance You Might Not Know About

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that was enacted in 1996. It was legislated to ensure that people can carry their health insurance from one company to another as they made progress in their careers or moved to other parts of the country.

It was also meant to make the transfer of medical records from one health institution to the next easier. Lastly, HIPAA underscores the right of patients to protect the privacy of their medical records.

Although it has existed for some twenty-three years, HIPAA law is generally not well understood by many people. Claiming ignorance will not prevent you from being fined once you are found in violation of this law. The fines are hefty, and you do not want to find yourself on the wrong side of the law: the fine ranges from $100 to $5,000 per violation, and the maximum penalty is $1.5 million per violation.

Employers, patients, and medical institutions need to understand HIPAA law. They also need to arrange training for HIPAA compliance.

We have made the job easy for you by compiling ten facts about HIPAA to ensure you are compliant:

1. Sharing of Health Information with Employers

A medical institution can only share a patient’s medical records after written authorization from the patient.

The authorization must state the information to be shared, the name of the person allowed to use the data, expiration date of the authorization, and must contain the signature of the individual.

2. HIPAA Compliance is Mandatory

Healthcare organizations must strictly adhere to the guidelines stated in the HIPAA law and use cloud storage that complies with HIPAA. Compliance may seem like it will take a lot of staff training, and you may be tempted to delay it, but you ultimately have to do it.

3. Doctor to Doctor Sharing of Information

As a patient, your consent is not needed to transfer your medical records from one doctor to another.

The doctor is permitted to disclose health information for treatment, payment, and healthcare operations without the patient’s consent.

4. Picking up Prescriptions for a Patient

Another individual can act on behalf of a patient to pick up prescriptions, medical supplies, or any other forms of health information that may be protected.

5. Ownership of Medical Records

You have a right to access your medical records under HIPAA. However, you do not have complete ownership of the medical records. The provider owns the records.

6. Sharing of Medical Records with Family Members

Healthcare organizations are allowed to share information directly relevant to the involvement of the family member in caring for the patient.

7. Suing of Healthcare Institutions

Mistakes happen. Sometimes they are too egregious to ignore. However, you cannot sue a medical practitioner or healthcare organization under HIPAA.

You can only write to the US Department of Health and Human Services (HHS) via the Office for Civil Rights to inform them of the violation.

8. Marketing Using Patients’ Information

HIPAA restricts healthcare organizations from using patients’ medical records to carry out marketing. They can only do so after obtaining written authorization from the patient.

Nevertheless, general communication is allowed. HIPAA law explains in detail the differences between marketing and communication.

9. Emailing is Allowed

HIPAA allows healthcare providers to communicate with their patients via email even if the email on the patient’s end is unencrypted. There is a misconception that, because of high hacking rates, electronic communication is restricted. This is not true.

10. Looking up the Wrong Person on the Electronic Health Record (EHR)

This is not usually considered a breach. Mistakes can happen when checking thousands of patients’ medical records. Nevertheless, if more than five hundred patients are affected, you will attract the attention of the HHS.


In conclusion, it is essential to read about HIPAA compliance standards and train your staff to know what constitutes a violation. As a patient, you need to know about HIPAA to prevent your sensitive health information from being misused.

This post was sponsored by Kamil Web Solutions


Digital Health Buzz!

Digital Health Buzz! aims to be the destination of choice when it comes to what’s happening in the digital health world. We are not about news and views, but informative articles and thoughts to apply in your business.

One comment

February 25, 2020 at 5:36 pm

Good post. I just want to remark on how important staff awareness about cybersecurity is.
Many reports show common weaknesses across all our information systems, indicating that agencies are not taking risks to information systems seriously enough. Most of the problems found can be easily eliminated, and it appears that risks are simply not properly understood. They are certainly not being effectively managed.
Most organizations’ IT systems are vulnerable as a result of weak passwords.
HIPAA compliance is a key business risk, and should be closely monitored and appropriately managed.
