{"id":10018,"date":"2021-02-02T15:21:00","date_gmt":"2021-02-02T20:21:00","guid":{"rendered":"https:\/\/www.sage.com\/en-us\/blog\/?p=10018"},"modified":"2024-08-21T15:10:56","modified_gmt":"2024-08-21T19:10:56","slug":"healthcare-understand-risks-benefits-hipaa-phi-2021","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-us\/blog\/healthcare-understand-risks-benefits-hipaa-phi-2021\/","title":{"rendered":"Healthcare finance leaders: understand the risks & benefits of HIPAA and PHI in 2021"},"content":{"rendered":"
\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\tPeople & Leadership<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t
\n\t\t\t\t\t

\n\t\t\t\t\t\tHealthcare finance leaders: understand the risks & benefits of HIPAA and PHI in 2021\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t

\n\t\t
\n\t\t\t
\n\t
\n\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t
\n\t\t\t\n\t\t\t\t\"\"\t\t\t\tMelissa O'Dowd<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n\n

More and more finance teams are integrating PHI into their financial systems and hipaa compliant accounting solutions <\/a>to facilitate activities including patient collections, new products and services and insight into performance-based reimbursement programs. As a result, financial and business leaders can no longer assume the risk of a potential breach is limited to clinical software and must become more aware of the changing dynamics and risks associated with protecting their patients\u2019 PHI in the financial suite.<\/p>\n\n\n\n

If we use 2020 as an example, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a record 19 resolution agreements for the Health Insurance Portability and Accountability Act (HIPAA) and the HIPAA Privacy Rule despite the ongoing pandemic.1<\/sup> This shows that OCR did not lose sight of the continuing need for provider organizations to secure protected health information (PHI) from potential breaches. All signs point to OCR and HHS continuing to enhance HIPAA regulations in response to the continuing pandemic, as provider organizations expand their use of PHI and participate in new business models like value-based reimbursement and more.2<\/sup><\/p>\n\n\n\n

Simply rolling back the use of PHI is not an option either, as the \u201ctoothpaste is already out of the tube,\u201d and PHI now plays a critical role in understanding the financial performance of the business. Financial leaders must instead employ strategies to ensure their policies, procedures and financial management systems are HIPAA-compliant.<\/p>\n\n\n\n

Understanding PHI and HIPAA<\/h2>\n\n\n\n

PHI is defined as \u201chealth information that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.\u201d3<\/sup> In addition to information contained within medical records, correspondence, billing information or virtually any patient-identifiable information is considered PHI and must be protected from potential breach. That means something as simple as a patient name can be considered PHI.<\/p>\n\n\n\n

Healthcare organizations, including health plans, providers and clearinghouses must follow HIPAA guidelines and the HIPAA Privacy Rule, and must also have contracts in place (called Business Associate Agreements<\/a>) with many of their contractors and subcontractors, to safeguard the use of PHI to ensure it is not disclosed in violation of HIPAA. Organizations that fail to protect PHI or experience a breach put themselves at risk of a HIPAA violation.<\/span><\/p>\n\n\n\n

And the impact can be significant, with healthcare data breaches costing an average of 60% more \u2013 or $6.45 million \u2013 than cross-industry averages to remedy. That equates to an average of $429 spent per lost or stolen record to implement breach detection and response, notification of affected patients, lost business due to downtime, reputational damage, and impact to patient trust.<\/p>\n\n\n\n

\n

Sage Intacct is certified as HIPAA- and HITECH-compliant by Avertium (formerly Sword & Shield) and enters into Business Associate Agreements with eligible healthcare clients.<\/strong><\/p>\n<\/blockquote>\n\n\n

Read more about how Sage Intacct works with healthcare organizations<\/a><\/div>\n\n\n\n

Practical strategies for managing PHI in a financial setting<\/h2>\n\n\n\n

To help finance leaders better manage and protect PHI in their own teams and across the organization, Sage Intacct recently retained market research firm Porter Research to assess finance leaders\u2019 awareness and understanding of the risks associated with PHI and HIPAA violations.<\/p>\n\n\n\n

The resulting whitepaper, \u201cNew Research: Finance Professionals & PHI,\u201d reviews five key findings including:<\/p>\n\n\n\n