Professionals in hospitals, doctor’s offices, and medical facilities must abide by the Health Insurance Portability and Accountability Act (HIPAA) of 1996, but what exactly does this act entail? President Clinton signed onto the act as a way to protect health insurance coverage for workers and their families when they change or lose their jobs. It was also created to protect health data integrity, confidentiality, and availability. The main goals of this act were to enhance our healthcare system, making it simpler, more efficient, and less costly to navigate. With the help of this mandate, we have seen a tremendous improvement in business and system formats, which has allowed the U.S. healthcare system to save billions of dollars and provide better services to the general public, insurers, and providers.
HIPAA places various legal requirements on the healthcare industry, and in this blog, we’re going to take a look at some key elements of the act including who is covered and what information is protected.
The HIPAA Privacy Rule
The HIPAA Privacy Rule works to establish national standards to protect each person’s medical records and other critical health information as it pertains to their health plans and healthcare providers. This rule requires facilities to take the appropriate safeguards to protect the privacy of personal health information that can be found in medical facilities, hospitals, and beyond. This rule also gives patients access to their personal health information, including the right to obtain a copy of their health records upon request.
One of the main goals of the Privacy Rule is to ensure that each individual’s health information is safely protected, while still allowing the flow of health information to provide quality health care. Among other provisions, the Privacy Rule works to:
- Give patients more control over their personal health information.
- Set proper boundaries on the use and release of these health records to ensure patient security.
- Establish appropriate safeguards that healthcare providers must achieve to protect the privacy of their patients’ health information.
- Generally limit the release of information for the purpose of disclosure.
- Give patients the right to obtain a copy of their own health records and to request corrections.
Providers and health insurers who are required by law to follow the Privacy Rule must keep their critical information private by teaching their employees how to properly and securely share patient information. It is also important to note that your health information cannot be used or shared without your written permission unless the law allows it.
Who is Covered by the Privacy Rule?
The Privacy Rule applies to health plans, healthcare clearinghouses, and any other type of healthcare provider who transmits health information electronically. If you need help determining whether or not you are covered, use this online tool. Let’s take a closer look at the parties that are affected by this rule below.
If you are under an individual or group healthcare plan that provides or pays the cost of medical care, you are covered under this rule. Contrary to popular belief, health plans and dental, vision, and prescription drug insurers are also covered by the Privacy Rule. Health plans may also include employee-sponsored group health plans, government health plans, church-sponsored health plans, and multiemployer health plans.
There are some exceptions: a group health plan with fewer than 50 participants that is administered solely by the employer is not a covered entity. There are also two types of government-funded programs that are not considered health plans, which are:
- Health plans whose principal purpose is not providing or paying the cost of health care, such as food stamp programs.
- Programs whose principal activity is to directly provide healthcare, including community health centers.
No matter what size a healthcare provider is, if they electronically transmit health information to other parties, they are considered a covered entity. Some of these transactions may include claims, benefit eligibility inquiries, or other transactions. The Privacy Rule covers a healthcare provider whether they electronically transmit these transactions or they use a billing service to do so.
Healthcare clearinghouses are entities that process nonstandard information they receive from another entity into a standard format or data content. In most cases, these entities will receive individually identifiable health information only when they are providing these services for a health plan or health care provider.
What Information Is Protected Under The Privacy Rule?
According to government documents, the Privacy Rule protects all “individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.” This “individually identifiable health information” may include demographic data that relates to:
- The individual’s past, present, or future physical and mental health conditions.
- The provision of healthcare to the individual.
- The past, present, or future payment for the provision of healthcare to the individual.
HIPAA Compliant Email & Messaging Services
If you’re looking for a HIPAA compliant messaging service, look no further than Inpriva’s hDirectMail Plans. Originally developed for interoperable and secure messaging between healthcare providers and their business associates, our hDirectMail plans have been extended to support the needs of secure collaboration required by judicial systems, public health services, social services, and more. hDirectMail plans start at just $99 a year for up to three hDirect mailboxes! If you’re interested in learning more about Inpriva, contact us today!