HIPAA Regulations at the Pharmacy

HIPAA (The Health Insurance Portability and Accountability Act) was enacted by the U.S. Congress in 1996, in order to reform the United States healthcare system.

However, the final privacy rules of this act were issued on August 9, 2002.

The most important mission of this act is to protect the medical records and health information of an individual.

The HIPAA Privacy Rule provides the first U.S. standards for protecting the privacy of health information.

The main principle used by the act is the following: if someone has the right to make a health care decision, this person also has the right to control all the information associated with his decision.

That’s why every U.S. healthcare worker must receive proper HIPAA training.

Under the HIPAA act, Protected Health Information (PHI) means any information about health status, provision of health care, or payment for health care which can be linked to a specific individual.

PHI can include written documents, electronic files, and any verbal information. HIPAA does not allow the Protected Health Information (PHI) to be shared with a third party without the written consent of the patient.

Signed Consent

It is important to mention that the patient’s signed consent before doing anything with his or her information is now only an option.

So there is no need for a pharmacy technician or pharmacist to get the patient’s consent before processing his information.

But techs and pharmacists must give their patients the written Notice of Privacy Practices. This document will spur discussions between pharmacy staff and their patients concerning how their PHI will be used.

Each privacy notice is specific to a pharmacy or hospital. However, patients are not required to sign the privacy notice if they don’t want to.

All patient acknowledgments of privacy notice must be kept on file at least for 6 years.

New Pharmacy Ownership and HIPPA

HIPAA allows the transfer of patient medical records.

So when a pharmacy has a new owner, he or she automatically gains access to all patient information. There is no need for patient authorizations to transfer all the records.

PHI and Marketing

When pharmacists intend to use the patient’s information for marketing purposes, they need written consent from the patients.

There is need for specific authorization in addition to the privacy policy before pharmacists can release any patient’s information for marketing use.

HIPPA and Minor's Rights

But what does HIPAA mention about minor’s rights? When talking about minor’s rights, HIPAA says: if the U.S. state does not specifically allow or disallow release of medical information to parents of a minor, then it is up to the pharmacist’s professional judgment if he or she will release it or not.

In other words, the state laws will determine how much of a minor’s protected health information (PHI) a parent can get through HIPAA.

Penalties for HIPPA Violations

People who violate HIPAA can face civil and criminal penalties, including fines ranging from $100 to $250,000 and/or imprisonment ranging from 1 to 10 years.

However, unintentional mistakes will not be punished. As long as techs and pharmacists protect their patients’ information and use it appropriately for their treatment, there shouldn’t be any problems.

So it’s important to protect the privacy of the patients’ information as best as possible.

Questions about HIPPA at the Pharmacy?

Do you have a question about HIPPA in the Pharmacy?

What Other Visitors Have Said

Click below to see contributions from other visitors to this page...

Top of HIPAA

Back to Home

New! Comments