HIPAA Law and the Privacy Rule to Protect Your Medical Information


How to Know if Your Personal Health Care Data and Information is Safe

Everyone is concerned about protecting their privacy, and with the massive amount of personal data stored electronically today, it is natural to wonder what your health care provider is doing to protect your health information. Fortunately, the HIPAA law was passed in 1996, and the Privacy and Security Rules that implement it have been in place since then to protect your sensitive data, with revisions over the years to keep up with changes in the environment and advances in technology.


What is the HIPAA Law and Privacy Rule?

The Health Insurance Portability and Accountability Act (HIPAA) and the HIPAA Privacy Rule set the standard for protecting sensitive patient data by creating standards for the electronic exchange, privacy, and security of patient medical information held by the health care industry. As part of HIPAA, the Administrative Simplification Rules were designed to protect patient confidentiality while still allowing medically necessary information to be shared, respecting the patient's right to privacy. Most health care providers, health organizations, and government health plans that use, store, maintain, or transmit patient health information are required to comply with the privacy regulations of the HIPAA law.

What is the Purpose of the HIPAA Act and Privacy Rule?

HIPAA had two main purposes: to help individuals keep health insurance coverage when they change or lose a job (the "portability" in its name), and to simplify administrative procedures and control administrative costs in health care through the Administrative Simplification Rules, which include the privacy and security standards.

With so much information changing hands between medical providers, health insurers, and the many other parties in the health care services world, the HIPAA Act set out to simplify the handling of documentation and sensitive patient information in the health care industry while protecting the confidentiality of the patient's health information.


Is HIPAA the Only Law That Protects Patient Confidentiality and Health Records?

No. HIPAA is a federal law, and there are many other laws that touch on protecting individuals' privacy and the handling of data contained in medical records. These laws and rules vary from state to state. HIPAA is a baseline standard; each state may add to it with its own, stricter requirements, and where a state law is more protective of the patient, the state law applies.

How Do HIPAA and the Privacy Rule Protect Me?

The HIPAA law is focused on simplifying the health care system and ensuring security for patients. Title II of the Act (Administrative Simplification) contains the safeguards that protect the privacy of your medical information. Along with federally ensuring your privacy, the HIPAA law is intended to reduce fraud and improve data systems. When fully adhered to by all that are required to comply,

4 Rules of HIPAA for Compliance by Health Care Providers

  • HIPAA Privacy Rule - Sets the standards for how protected health information may be used and disclosed, and gives patients rights over their information, such as the right to see and obtain a copy of their records.
  • HIPAA Security Rule - Requires administrative, physical, and technical safeguards that protect the confidentiality, integrity, and availability of electronic protected health information and the systems that hold it.
  • HIPAA Enforcement Rule - Sets out the procedures for compliance investigations, hearings, and the civil money penalties that may be imposed for violations.
  • HIPAA Breach Notification Rule - Requires health care providers and other covered entities to notify affected individuals, the Secretary of HHS, and in some cases the media when there has been a breach of unsecured protected health information.

What is the Purpose of the HIPAA Security Rule?

The HIPAA Security Rule sets out what covered entities and their business associates must do to protect health information in electronic form. To be HIPAA compliant, a service provider must meet the conditions set forth by the Security Rule, which requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). Administrative safeguards include risk analysis, workforce training, and written policies; physical safeguards cover facility and device access; technical safeguards cover access control, audit logging, integrity protection, and secure transmission.

What is Protected Health Information (PHI)?

Protected Health Information under the Privacy Rule is any individually identifiable health information that is transmitted or kept, in any form, by one of the entities covered under the HIPAA law. Individually identifiable health information is information that identifies the patient, or could reasonably be used to identify the patient, such as name, address, birth date, or Social Security Number, combined with information about the patient's past, present, or future physical or mental health, the provision of health care to the individual, or payment for that care.

What is De-Identified Health Information?

The Privacy Rule places no restrictions on the use or disclosure of de-identified health information. De-identified health information is information that cannot be tied back to an individual because it has been stripped of the identifying details under one of the Rule's two de-identification methods: removal of a specified list of identifiers (such as names, dates, addresses, phone numbers, and Social Security Numbers), or a determination by a qualified expert that the risk of re-identifying an individual is very small. Because such data can no longer reasonably be linked to a person, it is treated as posing very low privacy risk.

Who Does the HIPAA Privacy Rule Apply To?

The Privacy Rule, as well as all the Administrative Simplification rules, applies to health plans, health care clearinghouses, and any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA (the "covered entities"). Business associates, the vendors and contractors that handle protected health information on a covered entity's behalf, are also directly bound by many of these requirements.

Examples of People or Companies That HIPAA Does Not Apply To

  • direct-to-consumer (DTC) genetic testing companies
  • mobile apps used for health and fitness purposes, unless offered by or on behalf of a covered entity
  • alternative medicine practitioners who do not bill electronically through standard transactions
  • state agencies, like child protective services
  • law enforcement agencies
  • life insurance companies
  • schools
  • your employer, in its role as employer

How Do I Make Sure My Healthcare Provider is Taking Steps to Comply With the HIPAA Regulations?

Some health care providers have taken steps such as controlling access to offices with medical files using electronic key card systems and allowing employees access only to the minimum amount of information needed for their job. In addition, many medical facilities and insurance providers use specialized services to secure electronic transactions. If you have concerns about what your health care provider or physician is doing to comply with the HIPAA law, ask them what steps they have taken to ensure your privacy; every covered entity must also give you a Notice of Privacy Practices explaining how your information is used and how to file a complaint. Remember that a HIPAA-compliant provider has had to complete a long list of requirements to be considered compliant. Privacy laws and the protection of sensitive patient data are taken very seriously, and there is a good chance your provider follows these rules strictly because it is the law.

If your health insurance is a small group health plan with fewer than 50 participants that is administered solely by your employer, it may not have to comply with the HIPAA regulations. It is important to check with them to see whether they are complying and, if not, what steps they are taking on their own to ensure your privacy.

Are There Any Privacy Exceptions to the HIPAA Law?

HIPAA's privacy exceptions allow health care providers and others who must follow HIPAA to use or disclose your information without your authorization in certain circumstances, such as for treatment, payment, and health care operations, or when required by law. You should inform yourself about the most common HIPAA privacy exceptions so you are aware of what information or medical data about you may be legally disclosed without your consent.
