5 Things Medical Students Should Know About HIPAA Compliance

As a medical student, you are learning the field of healthcare and medical science, and part of that training is learning how to properly collect, use, and secure your patients’ information and medical history. That means complying with the Health Insurance Portability and Accountability Act (HIPAA). 

The law protects the privacy of individually identifiable health information, including sensitive details about a person’s health and medical history. HIPAA sets rules for how healthcare professionals, health plans, and health insurance providers must handle the information of their patients or clients. To learn more about it, keep reading.

  1. What Is Protected Health Information (PHI)?

As mentioned, the information you handle from your patients is usually sensitive, and most of it counts as Protected Health Information (PHI): any information in a medical or billing record that relates to a person’s health, the care they received, or payment for that care, and that can be used to identify that person. 

Put simply, PHI is any personally identifiable data in a medical record, and that includes billing information and health insurance numbers. Conversations between healthcare professionals about a patient’s treatment, and records held in electronic health applications, are also classified as PHI. 

Other information that falls under PHI according to HIPAA are the following: 

  • Doctor’s appointment records
  • E-mails from medical professionals containing a patient’s prescriptions
  • Test results, such as blood tests and MRI scans
  • Phone call records and voicemails about a patient’s care

Because PHI is covered by HIPAA, you have to protect it. However, the following information is not PHI when it is collected by a consumer fitness app or device rather than by a healthcare provider or health plan:

  • Number of calories burned
  • Readings from blood sugar tests, heart rate monitors, and similar sensors that carry no personally identifiable user information, such as the patient’s account or user name
  • Steps counted by a pedometer

  2. How Is PHI Used?

From birth, an individual already has PHI in an electronic health record. During the first few months, the record holds little more than weight, body temperature, length, and any complications during delivery. As the individual grows, more information is added. Keeping track of this information allows medical professionals to understand the person’s health better.

Researchers and other clinical experts also use PHI to identify healthcare trends. For instance, de-identified patient data is pooled into large data sets to manage population health, and such information is crucial in designing better healthcare programs. Note that once data has been properly de-identified under HIPAA’s rules it is no longer PHI, which is what allows it to be shared for research. 

Unfortunately, because PHI contains rich personal information, many attackers want to steal patient data and sell it or otherwise profit from it. Other criminals lock healthcare practitioners out of their own records through ransomware attacks, encrypting the data and demanding payment to restore access.

Thus, as a medical student, learning why PHI matters and what kinds of information count as PHI is essential to remaining HIPAA-compliant. 

  3. Who Must Follow The Privacy Rule?

The Privacy Rule applies to PHI in every form, whether it is written on paper, spoken aloud, or stored and transmitted electronically. A healthcare provider becomes a covered entity, and so must comply with HIPAA, once it transmits health information electronically for standard transactions such as billing, which is why HIPAA compliance is essential for providers that bill electronically. 

To be specific about who must comply with HIPAA, the following groups are covered by the law: 

  • Healthcare providers working in clinics
  • Physicians and chiropractors 
  • Dentists
  • Psychologists and mental health professionals
  • Those working in pharmacies
  • Health plans and health insurance providers, whether government or private
  • Healthcare clearinghouse workers

So, if you plan to work in any of these roles after you graduate from your medical studies, you will have to follow HIPAA regulations. In practice you are bound sooner than that: HIPAA defines a covered entity’s workforce to include trainees, so a medical student on rotation at a hospital or clinic is already expected to handle PHI under that organization’s HIPAA policies. 

  4. What Could Happen In Case Of HIPAA Violations?

HIPAA compliance is a crucial part of IT planning for most large healthcare providers. However, many small to mid-sized organizations struggle to keep up with HIPAA requirements. 

Failing to comply can bring civil penalties, and in cases of knowing misuse of PHI criminal charges, that could put a healthcare facility out of business. So, if you’re planning to open your own private clinic after graduating, you need to complete HIPAA training and put the required safeguards in place to protect your facility. Be aware that the U.S. Department of Health and Human Services does not issue or endorse any official HIPAA certification; third-party certificates can document training but do not by themselves make a practice compliant.

  5. Is HIPAA Training Required?

Yes. Any healthcare facility that employs or trains medical practitioners must provide HIPAA training to its workforce, regardless of the organization’s size or budget.

HIPAA requires that workforce members be trained on the organization’s privacy and security policies and retrained when those policies change, and that periodic refresher training be provided. Annual training is a sensible baseline, since government rules and regulations regarding healthcare change frequently, and as a medical practitioner you are expected to keep up with them. 

For periodic refreshers, online HIPAA training is usually sufficient, since employees only need to update what they already know. 


Handling and securing your patients’ information may not be your forte, but it is essential because it is their right, and it also protects you. If you don’t follow HIPAA’s requirements, you can face civil penalties and, for deliberate misuse of PHI, criminal charges. To avoid that, complete HIPAA training and keep up with the latest requirements and regulations. 
