HIPAA Compliance, And HIPAA’s Florida Counterpart
Many people know what HIPAA is, even if they don’t know the intricacies of the law. As a general rule, the federal government, through HIPAA, protects your medical information and data, almost completely.
But what people don’t know is that Florida has its own version of HIPAA, and in many cases, it can be even more protective than its federal HIPAA counterpart.
Differences in the Laws
Florida is more protective than federal medical privacy laws, because it covers a wider variety of companies. The federal HIPAA law only requires compliance with the law by healthcare companies or those in the healthcare industry.
Florida’s laws are broader, covering any company that uses or stores medical or patient information—even if the company itself is not a healthcare company or in the health industry.
Florida’s laws also consider more information to be private than the federal law does. Things like your name, if it’s associated with your credit card number, can be considered private and protected information. Any private information, like financial data, passwords, license numbers, or other information that could threaten someone’s identity, credit or finances, is considered protected,
Florida law even details how patient information should be discarded, describing the types of acceptable methods.
Violations and Enforcement
Violations of Florida’s healthcare privacy information laws can be steep—often in the 6 figures. The Florida Department of Health is charged with enforcing the law and, if necessary, assessing penalties.
It is easy for a business to simply create policies and procedures that comply with HIPAA. There is a lot of free (and not always reliable) information online about HIPAA compliance. But almost none of that information tells a company how to comply with Florida’s privacy laws.
Some HIPAA Requirements to be Aware of
Under either law, if your employee discloses information that is supposed to be held private and secret, it is the employer who will be charged with violating the law, and assessed the fine. This makes employee training in healthcare and personal information privacy even more important.
The law doesn’t just restrict disclosing a person’s private information or making a person’s private information public, but simply allowing unauthorized people to access patient medical data or private personal information can end up being a violation.
Not only is a risk management program a good idea, but it’s required by law—HIPAA requires both a risk management program, but also requires that your business’ contracts with any third party vendors who may be given information, sign a contract that is HIPAA compliant.
Even personal devices, like phones or tablets, are covered by HIPAA. HIPAA forbids accessing patient information on personal devices, unless there is sufficient protection. Protection can include encryption, or password protecting information.
Simply being able to see patient information on a personal device, is a HIPAA violation, even if the person seeing the information would otherwise be permitted to see or access it.
Call the West Palm Beach employment attorneys at Pike & Lustig today for help if you have a business law, labor or employment law problem.
Resource:
hhs.gov/hipaa/index.html