US Legal Forms
Legal Resources
Questions & Answers
Healthcare
Is a Credit Check Database for Patients Allowable Under HIPAA?

Is a Credit Check Database for Patients Allowable Under HIPAA?

Full question:

If I set up a database and I want to share a patients information.. Name ssn and $ owed. Goal is to identify if a person will be a credit risk to a small business.. Dentistry Would that be a violation of HIPPA. Even if I set up a dental clearinghouse data base. The doctor would enter his personal information and that of the patient to find out if they owe another dentist money. Law does not protect a dentist once work is started on the patient.

Category: Healthcare
Subcategory: Privacy Rights
Date: 04/07/2025
State: Illinois

Answer:

The answer will depend on all the facts involved, such as whether the participants are covered entities and the information gathered. Generally, what you describe seems to fall under HIPAA coverage, however, we are prohibited from giving a legal opinion, as this service provides information of a general legal nature. We suggest you contact a local attorney who can review all thefacts and documents invovled.

To define protected health information, you have to examine two definitions that were in Section 1171 of Part C of Subtitle F of Public Law 104-191 (August 21, 1996): Health Insurance Portability and Accountability Act of 1996: Administrative Simplification. These statutory definitions are of health information and individually identifiable health information.

“Health information means any information, whether oral or recorded in any form or medium, that–
and or the past, present, or future payment for the provision of health care to an individual; and

(i) That identifies the individual; or

(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.”

A covered entity is defined as a practitioner who either bills electronically or uses a clearinghouse for billing purposes.

For further discussion, please see:

http://www.hipaa.com/2009/09/hipaa-protected-health-information-what-does-phi-include/

This content is for informational purposes only and is not legal advice. Legal statutes mentioned reflect the law at the time the content was written and may no longer be current. Always verify the latest version of the law before relying on it.

FAQs

What databases are HIPAA compliant?

HIPAA-compliant databases are those that meet the privacy and security standards set by the Health Insurance Portability and Accountability Act. These databases must implement safeguards to protect protected health information (PHI) and ensure that only authorized individuals can access it. Examples include electronic health record systems and secure cloud storage solutions designed specifically for healthcare data. It's essential to verify that any database provider has undergone a thorough compliance assessment.

How do you make a system HIPAA compliant?

To make a system HIPAA compliant, you need to implement administrative, physical, and technical safeguards to protect PHI. This includes conducting a risk assessment, training staff on privacy policies, ensuring secure access controls, and encrypting data. Regular audits and updates to security measures are also necessary to maintain compliance. Consulting with a legal expert in healthcare compliance can provide tailored guidance.

How do I make my database HIPAA compliant?

To make your database HIPAA compliant, start by conducting a risk assessment to identify vulnerabilities. Implement security measures such as encryption, access controls, and audit logs. Ensure that any third-party vendors you use also comply with HIPAA regulations. Regularly review and update your policies and procedures to align with HIPAA standards. Consulting a legal professional can help ensure that all aspects of compliance are covered.

Is sharing a patient name a HIPAA violation?

Sharing a patient’s name can be a HIPAA violation if it is done without proper authorization or if it is disclosed in a way that could identify the patient in connection with their health information. HIPAA protects all forms of PHI, which includes names when linked to health-related information. Always obtain consent before sharing any identifiable patient information.

How much does it cost to become HIPAA compliant?

The cost of becoming HIPAA compliant can vary widely depending on the size of your organization, the complexity of your systems, and the extent of necessary changes. Costs may include legal consultations, staff training, software upgrades, and ongoing compliance audits. Small businesses may spend a few thousand dollars, while larger organizations could incur significantly higher expenses. It's advisable to budget for both initial compliance and ongoing maintenance.

Is SSN protected under HIPAA?

Yes, a Social Security Number (SSN) is considered protected health information (PHI) under HIPAA when it is used in conjunction with health information. This means that any disclosure of an SSN that can be linked to an individual's health status or care must comply with HIPAA regulations. Organizations must take steps to protect SSNs and ensure they are shared only with authorized individuals.