HIPAA Compliance: Your 2021 Definitive Guide

Lexin-Ann Morales
Reading time: 6 minutes.

doctor holding a patient information form and another healthcare worker assisting a patient (by PlatoForms Online Fillable Form Creator)

Because of the COVID-19 pandemic, the use of telehealth rose rapidly to extend health care to patients under quarantine restrictions. Since everyone was advised to stay at home, people seeking medical help found telehealth a convenient way to get check-ups. Now that medical consultations are conducted online, the online forms used to collect patient information need to be more secure than ever. This is where HIPAA comes in: it sets the rules that healthcare providers must follow to protect the medical information they collect, including information collected through online forms.

In this article, we’ll walk through what telehealth is, what HIPAA compliance means, which organizations need to be HIPAA compliant, and how our HIPAA online PDF forms can help your practice stay compliant.

Table of Contents:

  1. The wonders of telehealth
  2. What is HIPAA compliance?
  3. Who needs to be HIPAA compliant?
  4. What are the penalties from HIPAA violation?
  5. PlatoForms offers HIPAA compliant forms

The wonders of telehealth

Using telehealth is like your usual video call. When my doctor video called me for my online consultation, nothing felt different, although describing how I was struggling with my hearing was a bit challenging, and one of the reasons is this:

I was trying to point out which part of my ear hurt, and since it was an online consultation, the doctor couldn’t do an in-depth examination of the inner part of my ear. Aside from my trying my best to be descriptive, the doctor can only advise so much from what you tell him. Despite the challenges, I wouldn’t mind another telehealth consultation next time.

While most people prefer face-to-face consultations, many people, including seniors, find it comfortable to use telehealth for check-ups. Video calls are no longer limited to catch-ups with friends, online classes, and work webinars. Healthcare providers may be tempted to use common platforms such as Google Meet, Facebook Messenger, Skype, or Zoom to conduct medical check-ups online. However, consumer versions of these applications may put patients’ privacy at risk, and the vendor will generally not sign a Business Associate Agreement for them. As a result, healthcare providers should not use these consumer apps for telehealth services.

Telehealth does not look like it is going away anytime soon, and it is likely to remain part of the new normal once the pandemic is over. With a HIPAA-compliant online form builder, healthcare providers can collect even the most confidential and sensitive patient information through online forms with ease.

What is HIPAA compliance?

The Health Insurance Portability and Accountability Act, otherwise known as HIPAA, was passed by Congress and signed into law by President Bill Clinton in 1996. It was enacted to protect personal information, particularly in the healthcare space, and it gives those who work with protected health information (PHI) rules to follow. To stay compliant, you must have administrative, physical, and technical safeguards in place. For example, if you collect patient data through online forms, you need a form builder that has those physical and technical safeguards in place. Here at PlatoForms, we have put the systems needed to protect personal health information in place for you when you upgrade your account.

We provide our customers with HIPAA compliant PDF online forms that can be used in their offices. This service gives our customers the level of protection they need to avoid violations, which can lead to steep fines and possible prison time. Because PlatoForms is a HIPAA compliant PDF fillable form builder, you can securely collect patient information with our PDF forms.

Not sure if you need the HIPAA compliant option? Here are a few common questions.

Who needs to be HIPAA compliant?

Wondering if you have to be HIPAA compliant? The short answer is that anyone who works with protected health information (PHI) must comply with HIPAA. Does that mean only doctors, hospitals, and nurses have to be compliant? Not at all. Any third party that handles PHI on behalf of an organization covered by HIPAA must also be HIPAA compliant.

There are two groups that must be in compliance:

Covered Entities:

A covered entity refers to:

  1. Health plans
  2. Health care clearinghouses
  3. Health care providers that transmit health information electronically (for example, for billing claims)

Anyone who works with patient data inside a covered entity must be HIPAA compliant. This includes employees in billing, administration, and data collection roles. If an employee has access to patient information, they must be trained.

Business Associates:

A Business Associate is a third-party contractor or vendor that has access to patient information through the Covered Entity. These vendors can include:

  • Call Centers
  • Marketing Agencies
  • Collections
  • IT Professionals
  • Tech Companies

It’s up to the Covered Entity to make certain it has a Business Associate Agreement (BAA) in place with every third party it works with that has access to PHI. Since the HITECH Act and the Omnibus Rule, Business Associates are also directly liable for their own HIPAA violations.

What are the penalties from HIPAA violation?

Both Covered Entities and Business Associates can be fined for HIPAA violations. There are two types of penalties, civil and criminal. Civil penalties range from $100 to $50,000 per violation, depending on the level of culpability. For a continuing violation, each day the violation goes unresolved can count as a separate violation, so the penalties grow the longer it is left uncorrected.

Criminal penalties apply to individuals who knowingly obtain or disclose individually identifiable health information in violation of HIPAA, and they can include fines and prison time. If an organization violates HIPAA rules, it may face penalties from the Office for Civil Rights (OCR) and from state attorneys general. Covered Entities must take additional steps beyond simply adopting an electronic health record system to ensure compliance with federal privacy laws.

HIPAA requires covered health care providers to protect patient privacy by limiting access to medical records, and it sets strict rules for who may view them. Under the HIPAA Enforcement Rule, finalized in 2006, the Office for Civil Rights (OCR) has the authority to impose monetary fines on health care providers that violate provisions of the Health Insurance Portability and Accountability Act (HIPAA).

The HITECH Act raised the maximum financial penalty for a HIPAA violation from $100 per violation to $50,000 per violation, with an annual cap of $1.5 million for violations of the same provision. On March 26, 2013, the Omnibus Rule went into effect.

With the implementation of the Omnibus Rule, issued by the Department of Health and Human Services’ Office for Civil Rights (OCR), the increased penalties for HIPAA violations apply to healthcare providers, health plans, healthcare clearinghouses, and, directly, to Business Associates and their subcontractors.

Penalties are meant to deter HIPAA violations by making covered entities take responsibility for their actions (or inaction) regarding patient privacy and confidentiality. They are also designed to ensure patients get access to their medical records when they ask for them. The penalty for a HIPAA violation varies depending on whether the covered entity did not know of the violation, had reasonable cause, or acted with willful neglect, and on whether a willful violation was corrected. OCR sets the penalty for a violation according to these factors and the severity of the harm.

It doesn’t matter if you don’t know the HIPAA rules; ignorance is not an excuse for violating them. Each covered entity has an obligation to understand and comply with HIPAA. If a covered entity such as a health plan is found to have committed a violation through willful neglect, the fine can reach the maximum of $50,000 per violation.

PlatoForms offers HIPAA compliant PDF forms

Here at PlatoForms, we help Covered Entities and Business Associates to stay HIPAA compliant by providing HIPAA compliant PDF forms to our customers. This optional service is available to our Silver or Gold plan subscribers at no additional cost.

In the past 6 months, we’ve made huge strides to stay compliant. When you choose the HIPAA compliant service, we will upgrade your account with extra protections, including but not limited to:

  • Data Encryption
  • Limited Access
  • Logging & Monitoring
  • Backup and Recovery

You can learn more about our HIPAA PDF forms and continued efforts in the HIPAA overview.

We sign a Business Associate Agreement

To help you with your compliance, we’ll sign a Business Associate Agreement (BAA). After you complete the HIPAA compliant request form, we will send a copy of the electronically signed BAA to your team administrator’s email inbox.

Stay compliant with PlatoForms’ HIPAA compliant PDF forms

Become HIPAA compliant today! Make sure you upgrade your account in order to make HIPAA-compliant fillable forms online. Once you sign up, we’ll set your account up with everything needed.

For additional information about HIPAA security rules safeguards, refer to this link.

Got more questions about our online forms? Do not hesitate to reach out to us.
