Alltopstartups

What Is HIPAA Compliance And Is It Important?

  • Thomas Oppong
  • Aug 3, 2020
  • 4 minute read

HIPAA – we’ve all heard of it. Maybe you’ve even signed a HIPAA disclosure at some point. But what exactly does HIPAA law protect?

This article covers the basics of HIPAA and how it works to protect your health information. 

What is HIPAA?

HIPAA law is the standard of privacy and protection of certain health information. The U.S. Department of Health and Human Services, HHS, created the HIPAA Privacy Rule in 1996. 

The HIPAA Privacy Rule addresses how health information is used and disclosed. The information it protects is called Protected Health Information, or PHI.

The HIPAA Privacy Rule gives the criteria for individuals and entities for privacy rights. It teaches them how to understand and control how their health information is used. 

Health and Human Services and the Office for Civil Rights both have the responsibility of enforcing and implementing the HIPAA Privacy Rule. They can plan compliance activities and even charge penalties and fines. 

The HIPAA Privacy Rule ensures that Americans’ health information is protected. This protection allows for the necessary information that is needed to treat an individual to be accessed while keeping all health information secure. 

If you are seeking out healthcare you can rest assured that your private health information is protected because of the HIPAA Privacy Rule. This rule is designed to be flexible enough to cover a variety of situations and different types of disclosures. 

Covered entities such as healthcare facilities are required to comply with HIPAA requirements at all times and safeguard the confidential health information of their patients.

The HIPAA Privacy Rule extends to health plans and any healthcare provider that sends health information of its patients during transactions.

Health Care Providers and HIPAA

Every day healthcare providers who submit health information are known as covered entities. It doesn’t matter how large or small these entities are. Covered entities must seek HIPAA compliance in all transactions. 

Transactions can include eligibility inquiries, referrals, claims, and other types of transactions. Just because an entity uses electronic technology such as email doesn’t mean it is a covered entity. All transmissions of health information must be in connection to a transaction.

HIPAA Privacy Rules still apply whether a health care provider is using email or even a third party to submit transactions on its behalf. Email and third parties who are not compliant with the rule can get the healthcare provider into trouble and result in a HIPAA violation or violations. 

Business Associates and HIPAA

A business associate is a person or organization that provides services on behalf of the covered entity that requires disclosure of health information. Business associates are not employed by the covered entity. They are an outside workforce. 

All business associates must receive HIPAA training and HIPAA certification to complete their activities. Business associates usually work in medical billing, data analysis, and processing of medical claims. Sometimes they may also work in law, accounting, or management positions. 

The function of the individual must involve the use of disclosed protected health information for the person or organization to be recognized as a business associate. For example, sometimes covered entities are business associates to other covered entities. 

Health Information Protected by HIPAA

The HIPAA Privacy Rule applies to all fields and health information. Whether health information is transmitted by a covered entity, business associate, member of the media, etc., it is still guarded by the HIPAA Privacy Rule.

It also doesn’t matter what form the information is submitted in. It can be electronic, oral, or paper. All of these forms of transmission are covered. 

Protected Health Information is any information covered by the HIPAA Privacy Rule. This information includes personal identifying information such as name, address, birth date, Social Security Number, and past medical history information. All of this information must be protected under the HIPAA Privacy Rule. 

HIPAA Security Rule

The Security Rule requires covered entities to keep up with reasonable, appropriate safeguards for protecting electronic Protected Health Information. The HIPAA Security Rule outlines that unauthorized persons should not have access to electronic Protected Health Information. 

The Security Rule is today’s modern rule for keeping up with new technology and changes in the healthcare field. The Security Rule outlines improper use and disclosures as well as altering or destroying Protected Health Information. 

The Department of Health and Human Services recognizes all covered entities, from small to large providers, and it applies the rule evenly across all entities.

Covered entities are allowed to find their own solutions in dealing with electronic PHI. What may work for a giant hospital may not work for a small dentist office. Each covered entity analyzes its needs and works to find a solution for their specific environment. 

Risk Assessment

The HIPAA Security Rule requires all covered entities to perform regular risk analysis. This is part of the management process of protecting electronic PHI long-term.

The risk analysis helps determine which security measures are reasonable and appropriate for the covered entity. It is a tool covered entities use to make sure they are protecting all PHI appropriately. 

A risk assessment may include any of the following activities:

  • Evaluating the likelihood and impact of potential risks
  • Applying security measures to address specific needs as identified
  • Documenting all security measures taken
  • Maintaining and updating security practices as needed

The risk analysis should be a long-term ongoing process. The covered entity must regularly review its security analysis and adopt new appropriate measures when there is a new threat to Protected Health Information. 

This includes reporting all security incidents, periodical reviews, and evaluating potential risks. Once all of these steps come together, we can be sure that patients’ Protected Health Information is properly protected.

HIPAA Keeps Our Health Information Protected

So much work is being done behind the scenes to keep our personal health information protected. HIPAA law gives healthcare workers the access they need to provide care and keeps out anyone else who doesn’t need to see our personal information.

Thomas Oppong

Founder at Alltopstartups and author of Working in The Gig Economy. His work has been featured at Forbes, Business Insider, Entrepreneur, and Inc. Magazine.

AllTopStartups
Published by Content Intelligence Media LLC
