The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires the Department of Health and Human Services (HHS) to create national standards for the security of electronic health care information. Laboratory testing facilities are covered entities required to be compliant with HIPAA privacy regulations.
Under HIPAA, all laboratory workers must be trained on procedures that facilitate patient confidentiality. All training received by laboratory staff must be documented, with attendance taken at each session, in order to maintain compliance with federal regulations. This is to ensure that every staff member working in a given facility understands the regulations set forth in HIPAA and is able to implement these standards in a compliant manner that protects the laboratory and the patient.
Disclosure of Information
A facility must give full disclosure of protected health information, if required by law to do so, within 30 days of the patient’s request or move the treatment process along. A laboratory may also release this information when payment or other health care operations are required or if consent has been granted by the patient. In almost all cases (insurance billing being an exception), patient consent is required before confidential medical records or test results may be disclosed to a third party.
Notification of Patient Rights
Laboratory staff must adequately inform a patient of his HIPAA rights. This includes filling out and signing certain forms that disclose this confidentiality information to the patient, with copies kept on file by the lab and a copy given to the patient. In signing the acknowledgment form, the patient is also giving the lab permission to view his medical records and to share any test results within the lab in order to facilitate his treatment.