As a professional working in the healthcare industry, you’ll no doubt be familiar with the Healthcare Insurance Portability and Accountability Act (HIPAA) and the relevance for your data collection, reporting and storage activities. However, if you’re starting to think about collecting patient experience feedback, it's worthwhile revisiting HIPAA regulations to make sure you’re up to date. Failure to consider HIPAA in research can have major ramifications. Research shows that while HIPAA breaches cost approximately $200 per victim, the courts usually award around $1000 per victim. Given the colossal size of the financial penalties now being issued for violation of HIPAA regulations, it is crucial that you know how HIPAA will impact your efforts to gather patient experience data.
In the age of Covid-19, it's also important to note that the types of organizations that gather HIPAA data have been extended to non-healthcare organizations. For example, employers and other business entities might gather data on whether workers have contracted the virus, or their vaccination status. These organizations also have to be vigilant about HIPAA regulations. So, even if you’re not a healthcare professional, you might find our guide useful.
Read on for more information about the HIPAA regulations, the kinds of information that are protected and what you’ll need to think about when designing patient feedback research.
Under HIPAA regulations, any information created, gathered, stored or transmitted by a HIPAA-covered entity that could identify an individual patient is considered protected information. What do we mean by a HIPAA-covered entity? There are three main types:
While employers are generally not classified as Covered Entities under HIPAA regulations, in practice, they are bound by the same rules when collecting, storing, or transmitting protected health information (PHI): increasingly important in the Covid-19 era.
What exactly is PHI? Under the terms of HIPAA, PHI is considered to be individually identifiable information about patients’ current or future health status. PHI is generated, used or disclosed about patients in the course of healthcare provision and delivery. For example, it might emerge during conversations between physicians and nurses regarding the treatment of patients or may be written down on forms, communications and other types of documentation. Examples of protected health information include:
When PHI isi in digital form, it is commonly referred to as ePHI or electronically Protected Health Information or ePHI. For example, ePHI might be transferred by email, stored on a server, or found on a computer hard drive. Most of the rules of HIPAA apply equally to PHI and ePHI. However, the Security Rule of HIPAA is focused on the implementation of technical, administrative and physical safeguards to ensure the integrity and sanctity of electronic PHI specifically.
Although PHI is the more commonly used term, you may also have heard the term Individual Identifiable Health Information, or IIHI. PHI and IIHA are interchangeable and refer to the same information - any piece of healthcare information that could enable the patient to be identified.
HIPAA plays a major role in the protection of patient rights. Let's take a look at some of the considerable benefits of these regulations for patients.
Of course, HIPAA creates certain challenges for healthcare providers, particularly with relevance to their ability to collect patient experience feedback. Some of the key challenges that you will need to be aware of when gathering patient feedback data include:
Clearly, HIPAA was designed with patient rights firmly in mind, and there are many benefits for patients when healthcare providers are HIPAA compliant. However, it's also important to remember that following HIPAA regulations also protects healthcare providers:
Over the past few years, the proportion of medical expenses that patients have had to bear has grown steadily. One of the consequences of this development is that patients are increasingly becoming active participants in the healthcare that they receive. As a result of rising deductibles, insurance premiums and out of pocket medical expenses, patients want to make sure that they’re getting value for money. Dissatisfied patients will not think twice about moving to a new healthcare provider. That means that gathering patient feedback is more important than ever before. Capturing insight into patient experiences - whether good or bad - can help you to ensure that patients are getting the bang for their buck that they expect, and will help you to fix any issues before they vote with their feet. Specifically, gathering patient feedback helps you to:
So, as you can see, HIPAA has major implications for the way in which you gather, store, share and use protected health information. Sound challenging? SurveyMonkey already has the features in place to ensure HIPAA compliance. And, to learn more about how other healthcare organizations are gathering patient feedback data in a way that is HIPAA compliant, see this article.