What is HIPAA?
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data. As the industry adopts these standards for the efficiency and effectiveness of the nation's health care system will improve the use of electronic data interchange.
The Entities covered by HIPAA law are:
Health Care Providers who use certain electronic transactions
Health Care Clearinghouses
- Transaction Standards and Code Sets
- National Standard Identifiers for the Provider, Employer, Health Plan and Individual
HIPAA in Practical terms
Administrative Simplification is a method of making medical practice (the billing, claims, computer systems and communication) uniform in order for providers and payers to interact with each other through each other's proprietary systems. The changes will affect such activities as:
HIPAA Privacy Right and Security
Enrolling an individual in a health plan
Paying health insurance premiums
Obtaining authorization to refer a patient to a specialist
Notifying a provider about the payment of a claim
HIPAA contains a provision that is related to Electronic Data Transactions to standardize the exchange of the data between trading partners. These transactions are mandated to be in the ANSI ASC X12 version 4010 format.
In Addition to the transactions, Software industry has introduced Electronic Medical Records. To guarantee the privacy rights and secure the access to the medical records, HIPAA provided guidlines to protect the patient's privacy.
The HIPAA regulations establish standards for protecting individually identifiable health information and for guaranteeing the rights of individuals to have more control over such information. Here is the summary of these regulations:
1- Right to ask and see a copy of your records
2- Have Correction made to you records
3- Receive a notice that your information will be shared
4- Decide whether to accept that your information can be shared
5- Get a report of when and why your record is shared
6- Ask that your information shall not be shared
7- File a complaint
The HIPAA regulations have establish standards for all health plans, clearing houses, and storage of health care information to ensure the integrity, confidentially, and availability of electronic protected health information.
The Security Rule covers only protected health information that is in electronic form and we can summarize the security standard into the following requirements.
- Administrative Safeguard
These are administrative functions that should be implemented to meet the security standards. These include assignment or delegation of security responsibility to an individual and security
More details on Administrative Safeguard Reference
- Physical Safeguard
These are the mechanisms required to protect electronic systems, equipment and the data they hold, from threats, environmental hazards and unauthorized intrusion.
More details on Physical Safeguard and recovery
- Technical Safeguard
These are primarily the automated processesused to protect data and control access to data. They include using authentication controls to verify that the person signing onto a computer is authorized to access that.
More details on on Technical Safeguard who has accesses what information?