HIPAA and Patient Information Privacy: What You Need to Know
Due to the massive amount of personal data and information stored electronically
today, everybody is concerned about the privacy of their patient information. That
is why you may find yourself questioning what your doctor is doing to ensure the
protection of your healthcare information.
Health plans, health care providers, health care clearinghouses, and their business
associates have to abide by set industry standards when it comes to the storage
and transmission of your healthcare information. However, some entities don’t
have to follow these regulations. These include:
• State agencies such as child protective services
• Life insurance companies
• Schools
• Employers
• DTC (direct-to-consumer) genetic testing companies
• Alternative medicine practitioners
• Workers' compensation carriers
• Health and fitness mobile applications
HIPAA Privacy and Security Rules
The HIPAA Privacy Rules were established in 1996 to protect personal healthcare
information in the United States. Over the years, these rules have undergone
changes and revisions to cope with the growth and development of technology.
HIPAA stands for Health Insurance Portability and Accountability Act. The act
protects sensitive patient data by creating high standards for electronic
exchange and by ensuring the security and privacy of all patient
information within the healthcare industry.
HIPAA Administrative Simplification Rules protect patient confidentiality and ensure
that any medically necessary information that is shared must adhere to a
patient’s rights to privacy. The essence of the HIPAA Privacy Rules was to
simplify and protect the handling of healthcare information and the
confidentiality of sensitive patient data within the industry.
HIPAA has four Compliance Rules for health care providers:
• HIPAA Privacy Rule: Protects the type of data communicated.
• HIPAA Security Rule: Protects data and databases to ensure security.
• HIPAA Enforcement Rule: Indicates the procedures for enforcement, hearings, and penalties.
• HIPAA Breach Notification Rule: Requires that available steps be taken to "mitigate" the harm of disclosure, which may mean notifying the individual whose information was disclosed.
Information Protected by HIPAA
The HIPAA Privacy Rule protects all your identifiable health information that is
transmitted or held by an entity covered by HIPAA or its respective business
associate. Protected health information refers to all such information in any
media or form, whether paper, oral, or electronic.
Individually identifiable information cannot be shared without your consent. This
includes any data relating to your past, future, or present mental and physical
health; your provision of healthcare; or past, future, or current payment related
to your healthcare. Identifiable information is information that gives a third
party a reasonable basis to identify you, and it includes common identifiers such
as your name, address, Social Security number, or birth date.
Protected information also includes:
• Information that your healthcare providers put in your medical records.
• Any conversation that your doctor has concerning your treatment and care.
• Your medical information held by your health insurer.
• Other medical information concerning you that is held by entities bound by HIPAA.
Recent Developments in HIPAA Audits
The rapid increase of HIPAA violation cases and complaints led the Office for Civil
Rights’ Department of Health and Human Services to conduct on-site audits, with
the pilot program done between 2011 and 2012. The second set of desk audits
was performed in 2016, and site audits were done in 2017. This has forced HIPAA
covered entities and their business associates to ensure strict compliance with
all rules.
Conclusion
Your health information is protected by the HIPAA Privacy Rules and cannot be shared
or used without your written consent unless otherwise allowed by this law. Despite
this, the HIPAA Privacy Rule has several protected health information
exemptions, including employment records maintained by your employer and records
held by educational institutions like schools.