Complying with HIPAA Privacy Rule
What is HIPAA?
HIPAA: Health Insurance Portability and Accountability Act
It was passed by Congress in 1996
It includes requirements for:
Transfer and continuation of health insurance coverage for millions of American workers and their families when they change or lose their jobs
Reducing healthcare fraud and waste
The protection and confidential handling of protected health information
HIPAA Privacy Rule
Establishes national standards to protect individuals’ medical records and other personal health information
Imposes restrictions on the use/disclosure of personal health information
Gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
Applies to:
health plans,
healthcare clearinghouses, and
those healthcare providers that conduct certain healthcare transactions electronically.
What is Protected Health Information (PHI)?
Protected Health Information (PHI) or “Individually identifiable health information” is information, including demographic data, that relates to:
the individual’s past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the individual,
and any information that identifies the individual
Individually identifiable health information can be the name, address, birth date, Social Security Number and so on
What is Notice of Privacy Practices?
Each covered entity must provide a notice of its privacy practices.
The notice, in plain language, must include:
the ways in which the covered entity may use and disclose protected health information
the covered entity’s duties to protect privacy, provide a notice of privacy practices, and abide by the terms of the current notice
the individuals’ rights, including the right to complain to HHS and to the covered entity if they believe the
226 views • 8 slides