Have you ever wondered why you're asked to sign a privacy form or scan your thumb or finger every time you visit a doctor for the first time or are admitted to the hospital for a procedure or care?

It's for protection. Your unique health information is just that -- yours and at Columbus Regional Health, we're dedicated to helping patients preserve and manage their personal data. The Health Insurance Portability and Accountability Act (HIPAA), established in 1996, is a federal law enacted by congress that requires health care providers to protect and keep confidential all personal health information for patients. The law also strictly regulates the use or disclosure of such information without proper patient authorization.

“Our core beliefs include a duty to protect your information. Our patients are our first priority and we believe that patient privacy is an integral part of the health care we provide,” said Heather Hubbard, CRH System Director of Health Information and Privacy. “To ensure that we are able to create a lasting bond of trust with our patients, we have many safeguards to protect the privacy and security of patients’ personal information.”

Hubbard said the principal focus of the CRH Privacy and Health Information Department is to ensure the privacy and security of patient information. The department utilizes sophisticated technologies and processes to protect patient information. CRH computer networks, data centers, personal computing devices, and all systems are being continuously monitored to prevent unwanted intrusions into personal health information and to prevent computer infections.

“We also have many policies in place to protect the privacy and security of your personal information and our employees are educated from the moment they are hired and continually after, to respect and protect our patients’ privacy,” Hubbard said. “CRH workforce members are continuously educated about patient privacy and follow strict guidelines to make sure that patient information is protected and remains secure.”

Using a solution called FairWarning® to conduct patient privacy monitoring, the CRH Privacy and Health Information Department receives alerts if suspicious activity is detected.

By proactively protecting patient privacy, CRH is:

• Giving you confidence in your choice of care provider
• Assuring that you can share sensitive information without fear
• Partnering with our patients for long-term success

If you have specific concerns about the privacy of your records, please contact our Privacy Officer at 812-376-5011 or our Privacy Analyst at 812-376-5106.

HIPAA Frequently Asked Questions

Q: What is HIPAA?

A: HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996.  It is a federal law designed to help protect your health information.

Q: What does HIPAA do?

A: HIPAA protects the privacy and security of patient medical information in both written and electronic forms and establishes safeguards that health care providers must implement to protect that information. It also sets the terms on which medical information can be transmitted to other providers and to health insurers.  It gives patients more control over, and access to, their medical information and sets limitations on the use and release of that information.

Q: What information is protected under HIPAA?

A: The HIPAA Privacy Rule protects “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "Protected Health Information,” which is also referred to as “PHI.”  PHI is information created or received by a covered entity that: (i) may relate to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the payment for the provision of health care to an individual; and (ii) identifies the individual who is the subject or based on which there is a reasonable basis to believe that the individual who is the subject can be identified.

The following are examples of identifiers that could be considered individually identifiable information:

• Names
• Address
• All elements of date (except year) for dates directly related to an individual, including birth date, discharge data, date of death; and all ages over 89 and all elements of dates indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
• Telephone numbers
• E-mail addresses
• Social security numbers
• Vehicle identifiers and serial numbers
• Medical device identifiers
• Biometric identifiers, including finger and voice prints
• Full face photographic images and any comparable images
• Any other unique identifying number, characteristic, or code

Q: How is Columbus Regional Health ensuring compliance with HIPAA?

A: Columbus Regional Health has implemented a number of controls to comply with HIPAA. Some of them are:

• Privacy Officers
• Regular, periodic training for the members of its workforce
• Policies and procedures to help protect the privacy and security of patients’ individually identifiable health information
• HIPAA audits
• HIPAA-compliant forms to help implement HIPAA
• A Notice of Privacy Practices that is available to all patients

Q: Who should I contact if I have more questions about my privacy rights?

If you have specific concerns about the privacy of your records, please contact our Privacy Officer at 812-376-5011 or our Privacy Analyst at 812-376-5106.

Q: How can I learn more about HIPAA and patient privacy?

A: For more information about the privacy of your medical information, we recommend that you consult the following website: https://www.hhs.gov/hipaa/index.html.