Do you understand how the HIPAA law affects your business in 2020? Here is a short guide to everything you need to know about HIPAA and how it affects you.
Have you received any type of medical care since 1996? If so, then the HIPAA law has protected you. Do you wonder what it is and how it affects you?
Over recent decades, our society has become more concerned about maintaining privacy. This includes personal health-related information. Many worry about losing jobs or insurance if their medical information becomes public.
This article provides an overview of the HIPAA laws. Their purpose is to protect personal health data. Keep reading to learn more.
What Is the HIPAA Law?
The Health Insurance Portability and Accountability Act of 1996 is commonly called the HIPAA law. This federal law created a national standard for protecting sensitive patient information.
The U.S. Department of Health and Human Services (DHS) also issued the HIPAA Privacy Rule. These rules, combined with the HIPAA Security Rule, provide comprehensive protection. The following summarizes the intent of each piece of legislation.
HIPAA
HIPAA with the Administrative Simplification provisions establishes national data management standards. This created code sets, unique health identifiers, and defined security protocols.
This resulted from advances in electronic data use, transfer, and storage. Congress recognized that the transition to an electronic format created increased privacy risk.
HIPAA Privacy Rule
The Privacy Rule addresses protected health information (PHI). PHI refers to all individually identifiable health information. The rules apply to health plans, healthcare clearinghouses, and providers who handle PHI.
Examples of PHI include, but aren’t limited to:
- Name
- Social security numbers
- Addresses
- Phone numbers
- Test results
- Diagnoses
It also includes personal and behavioral attributes that can help single out an individual. All of this data must receive protections from unauthorized release or use.
The Security Rule
DHS published the Security Rule in 2003. This rule focuses on safeguarding electronic PHI (ePHI). It applies to all covered entities that collect, handle, transfer, or store ePHI. It does not apply to PHI that is communicated orally or kept on paper.
To be HIPAA Security Rule compliant, covered entities must meet the following standards:
- Establish procedures protecting ePHI confidentiality, integrity, and accessibility
- Establish safeguards to detect and resist anticipated cybersecurity threats
- Establish policies to protect against unauthorized use or disclosure of ePHI
- Maintain compliance certification
Failure to comply with HIPAA standards can result in civil fines or criminal penalties. All complaints are directed to the DHS Office for Civil Rights.
Who Is a Covered Entity?
There are four groups designated as covered entities. These individuals and organizations must adhere to the Privacy Rule.
Healthcare Providers
Any healthcare provider who electronically sends patient health information is a covered entity. There’s no differentiation according to the practice size for the transaction rules. “Transactions” include filing claims, checking benefit eligibility, and requesting referral authorization.
Health Plans
Any business that provides coverage or pays for medical care is a covered entity. Examples include:
- Health, vision, dental, and prescription drug insurance companies
- Health maintenance organizations
- Medicare
- Medicaid
- Medicare + Choice
- Long-term care insurers
- Employer-, government-, and church-sponsored group health plans
- Multi-employer health plans
There is an exception for group health plans that have fewer than 50 members. The plan must involve only one employer. In this case, the group would not be a covered entity.
Healthcare Clearinghouses
Any organization that receives identifiable PHI and processes it into a standard format is a covered entity. These businesses often only process data for health plans or providers. They act as a business associate.
Business Associates
Any organization or person who works with a covered entity must adhere to the Privacy Rule. This includes activities, services, and functions involving PHI receipt, handling, transfer, or storage. Examples include data analysis, billing, utilization review, and claims processing.
Can a Covered Entity Use PHI Without Permission?
There are specific circumstances that allow a covered entity to use or disclose PHI. These situations don’t need the person’s authorization. Examples include:
- When the data is needed for access or documentation of PHI disclosures
- When the data is essential to healthcare, treatment, or payment processes
- When informal permission for disclosure of PHI is given verbally or without objection
- The data has a direct relationship to a permitted use or disclosure
PHI disclosure permission is waived if the data meets national priority regulations. This may include health and public oversight activities, law enforcement situations, or abuse. It also applies to deceased persons, essential government functions, and workers’ compensation.
The 10 Most Common HIPAA Privacy Breaches
The HIPAA law addresses accidental or planned sharing or failing to safeguard PHI. The following describes the most common HIPAA violations:
- Unauthorized staff accessing a person’s health records
- Failure of an organization to perform a comprehensive risk analysis
- Unauthorized disclosure of PHI
- Failure to document training of personnel regarding HIPAA rules
- Failure to ensure that a business associate is HIPAA compliant
- Denying patients access to their own records
- Sharing PHI online via social media
- Failure to remove the credentials of employees who no longer work for the company
- Failure to encrypt devices that leave the facility with an authorized staff member
- Improper disposal of PHI
Breaches may occur by accident or through cyberattacks. It’s vital that organizations report data compromise within 60 days. They must also show due diligence in protecting the data.
COVID-19 Related HIPAA Exemptions
DHS instituted HIPAA exclusions in response to COVID-19. Many health-related services have moved to telehealth, which brings new challenges. In response, DHS now exempts telehealth providers from enforcement penalties for HIPAA violations.
This does not mean that PHI security has been thrown out the window. The providers must show good faith in preventing breaches of the security rules. All healthcare organizations must still adhere to HIPAA security compliance.
Do You Like Staying Up to Date?
Knowing about the HIPAA law and its protections is key for patients and healthcare entities. Increased use of electronic data transmission raises the risk of data breaches. The best protection is becoming educated and following the compliance rules.
Our site gives you valuable information that impacts your life, such as the HIPAA laws. You will find information about finance, business, and technology. We also cover general news about politics, entertainment, and world issues.
Bookmark our site today so you can return and find out what’s going on in the world.