Overview of the Health Insurance Portability and Accountability Act (HIPAA)
Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996. The purpose of this law is to protect private individual health information from being disclosed to anyone without the consent of the individual. Except under unusual circumstances, the consent needs to be in writing.
However, there are some exceptions to the consent provision. The consent provision does not apply in the following situations:
Treatment
Billing
Quality assurance
Peer review
Business planning activities
Staff training
Required reporting to public health agencies
Certain emergency situations
Research studies that have obtained a wavier from the Institutional Review Board (IRB)
Research
Private health information can be used in research studies if it is “de-individualized” so that the identity of the individual cannot be ascertained from the information disclosed. For example, if you were conducting a study of the lung problems suffered by New Yorkers after the 911 terrorist attacks, it would be permissible to identify a patient as, a 50 year old, 5′11′, 175 lb., while male from New York City with high blood pressure.
Marketing
Health care providers are prohibited from selling or using their patient or enrollees lists to market products from a third party. However, they can use their list to communicate with or sell their own services to their list members. Great care must be taken to restrict access when using online collaboration, such as an intranet.
Business Associates
All business associates, vendors or other contractors that use the health care provider’s facility must sign a contract stating that they understand and agree to be bound by HIPAA regulations. The health care provider can be held responsible for the actions of the business associate if they did not sign a contract or there was a history of abuse and the health care provider did noting about it.
Individual Rights
Under HIPAA, individuals have the right to:
Notice of the health provider’s privacy practices
Request restrictions on who is allowed to access their health information
Access, inspect or copy their personal health information
Request an accounting of all disclosures of their health information
Request corrections or amendments to their health information
Health Care Providers Responsibilities
Health care providers are required to:
Provide security for both paper and electronic individual health information
Institute a complaint process to investigate complaints
Train staff on the law
The HIPAA regulations allow for both civil monetary and criminal penalties for violations of the act.
Malcolm Brown is Vice President of Trichys, providers of intranets and extranet solutions for health care and HIPAA compliance.
Related posts:
- HIPAA (Health Insurance Portability and Accountability Act of 1996)
- HIPAA-HITECH-Contingency Plan Webinar Overview
- Health Insurance Reform From Easytoinsureme Health Insurance Quotes
- Minnesota Health Care Directive- Disclosure of Health Information Governed by Hipaa
- The Importance of Health Insurance Today