THE HIPAA LAW: HIPAA CERTIFICATION

Introduction

It is essential to understand “What HIPAA Stands For” and “What is the HIPAA Law” to appreciate some of the backstory behind the rule. The U.S. Department of Health and Human Services (HHS) issued the Privacy Rule to put into effect the Health Insurance Portability and Accountability Act of 1996, also known as HIPAA. HIPAA was established to “upgrade the portability and accountability of health insurance coverage” for employees between jobs. Other objectives of the Act were to combat waste, fraud and abuse in health insurance and healthcare delivery.

What is the HIPAA Law?

This rule was initially an innocuous law with few consequences until later changes took place. HHS analyzed the breaches that existed at that time and found that half occurred in healthcare, due to cyber-attack, theft or incidental disclosure of Protected Health Information (PHI). The federal government then decided to address this issue and became much more aggressive in enforcement and penalties. It was then that HIPAA became much more important for healthcare providers. Essentially, HIPAA stands for increased security of protected health information.

The Privacy Rule covers the use and disclosure of individuals’ health information (protected health information) by organizations that are subject to the Privacy Rule. These organizations are known as covered entities and include healthcare providers, insurance companies, pharmacies, and clearinghouses.

The Privacy Rule went into effect in 2003, establishing standards for individuals’ privacy rights so that patients may understand and control how their health information is used. Furthermore, it emphasized the concept of “minimum necessary” in relation to data sharing. The Rule specified that a patient’s authorization for disclosure of PHI is not required for treatment, payment, and health care operations. Lastly, the Privacy Rule does not restrict the use of de-identified health information.

What is PHI?

PHI includes the following kinds of information:

  1. Private information that can be used to identify an individual, like name, address, birth date, and Social Security number.
  2. The individual’s current or potential mental or physical health.
  3. The type of care the individual is receiving or has received in the past.
  4. How the individual has paid or will pay for their healthcare.

What is the HIPAA Privacy Policy?

The HIPAA Privacy Rule sets out standards to protect PHI held by the following covered entities and their business associates:

Health plans: – Health plans are entities that cover the cost of medical care. The first type comprises health, dental, vision, and prescription drug insurers. The second type is health maintenance organizations (HMOs). Medicare, Medicaid, and Medicare supplement insurers are the third type. The fourth and final type is long-term care insurers (excluding nursing home fixed-indemnity policies). Health plans also include employer-sponsored group health plans, government- and church-sponsored health plans, and multi-employer health plans.

Health care clearinghouses: – Entities that convert non-standard information they receive from another entity into a standard (i.e., standard format or data content), or vice versa. Oftentimes, healthcare clearinghouses will only receive individually identifiable information when they are offering these processing services to a health plan or healthcare provider as a business associate.

Health care provider: – Every healthcare provider who electronically transmits health information in connection with certain transactions is a covered entity. These transactions include claims, benefit eligibility inquiries, referral authorization requests, and other transactions for which the Department of Health and Human Services has established standards under the HIPAA Transactions Rule.

The following categories of people and organizations are subject to the Privacy Rule and are considered business associates:

Business associates: – Business associates are entities that perform certain functions or activities on behalf of, or provide services to, a covered entity that involve the use or disclosure of protected health information. Business associates must enter into a written contract with the covered entity specifying the permitted and required uses and disclosures of protected health information.

The Privacy Rule affords individuals significant protections regarding their PHI, including the right to inspect and receive a copy of their health records in the form and manner they request, as well as the right to request corrections to their information. This has become increasingly important in light of the Right to Access Initiative.

What PHI of a covered entity must be kept private and confidential at all times?

The entities covered by the HIPAA privacy policy must keep the information of customers or consumers private and confidential.

The covered entity must:

  • Inform patients about their privacy rights and how their personal information will be used.
  • Put privacy procedures in place and train all employees to follow them.
  • Appoint a designated individual (Privacy Officer) to ensure that proper privacy procedures are being followed.
  • Store patient records containing PHI securely so that they are not accessible to those who do not need to see them.

Permitted Uses and Disclosures

The following are examples of uses and disclosures that do not require patient authorization under the HIPAA Privacy Rule.

  • Treatment, payment or healthcare operations
  • Appointment reminders
  • Health benefit plan eligibility
  • Public health activities
  • Research
  • Certain uses or disclosures required by law

Sharing Information

Under HIPAA, how information is shared is critical to maintaining the privacy of patients.

The Privacy Rule also permits the use and disclosure of health information needed for patient care and other crucial purposes.

  • Information can be shared with health care professionals for treatment, payment, and health care operations without a signed consent form from the patient.
  • Information may be shared about an incapacitated patient if it is believed to be in the patient’s best interest.
  • Health information can be shared for research purposes.
  • Email, telephone, and fax machines may be used to communicate with other healthcare professionals and with patients, as long as safeguards are used.

Sharing Customer or Consumer Information with Family Members

  • Providing information to a patient’s loved ones or those involved in their care helps everyone to be on the same page and coordinate the best possible care.
  • Oftentimes, family members or others responsible for a patient’s care will want to know the general status of the patient or where they are located.
  • Some essential pieces of information that should be included in a hospital directory for patients are their phone number and room number.
  • If a patient has a religious affiliation, hospitals are responsible for notifying members of the clergy.

Conclusion

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 in order to protect the confidentiality of health information. The HIPAA Privacy Rule was established to put this into effect. The Privacy Rule regulates how covered entities may use and disclose Protected Health Information (PHI). PHI is defined as any information that can be used to identify an individual and that is related to their health. Covered entities include health plans, healthcare