What is HIPAA?
HIPAA is short for the Health Insurance Portability and Accountability Act of 1996, a federal law that establishes national standards for protecting sensitive personal health information from being shared or exchanged without the specific permission, knowledge or consent of the patient. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA; the HIPAA Security Rule protects a subset of the information covered by the Privacy Rule.
What is the HIPAA Privacy Rule?
The standards of the Privacy Rule address the use and disclosure of individuals' health information (referred to as "protected health information") by entities that are subject to the Privacy Rule (referred to as "covered entities"). The Privacy Rule establishes standards that let individual patients understand and control how their personal health information is used. The goal of the HIPAA Privacy Rule is not only to protect personal health information, but also to establish strict guidelines for those who hold and share private patient health information, while ensuring that the information can still flow where it is needed so that health providers can deliver high quality health care. The purpose of the Privacy Rule is to strike a balance that permits important uses of health information while protecting the privacy of patients seeking health care.
Electronic transmission of all personal patient data is required to comply with specific encryption guidelines.
Who Are “Covered Entities”?
- Healthcare providers, regardless of practice size, that electronically transmit patient health information in connection with certain transactions. HHS has created standards for these transactions under the HIPAA Transactions Rule. The transactions can include claims, benefit eligibility inquiries, referral authorizations, and other types of transactions.
- Health plans are entities that provide or pay the cost of medical care. They can include health, dental, vision, and prescription drug insurers; HMOs (Health Maintenance Organizations); Medicare, Medicaid, Medicare+Choice, and Medicare supplement insurers; and long-term care insurers (excluding nursing home fixed-indemnity policies). Health plans also include employer-sponsored group health plans, government- and church-sponsored health plans, and multi-employer health plans. The exception is a group health plan with fewer than fifty participants that is administered solely by the employer that established and maintains the plan; such a plan is not a covered entity.
- Healthcare Clearinghouses are entities that process nonstandard information they receive from another entity into a standard form (that is, a standard format or standard data content), or the reverse. In most cases they will receive individually identifiable health information only when they are providing these processing services to a healthcare provider or health plan as a business associate.
- Business Associates are persons or organizations (other than members of the covered entity's workforce) that use or disclose individually identifiable health information to perform functions, activities or services for a covered entity. These activities, services, or functions can include claims processing, data analysis, utilization review, and billing.