The Health Insurance Portability and Accountability Act, also known as HIPAA, is designed to protect the security and privacy of patient health information. HIPAA allows patients to access their own health information while keeping that information protected from outside parties. The HIPAA Privacy, Security and Breach Notification Rules aim to provide security and privacy for all health information. Certain institutions must follow these rules, such as health plans, health care clearinghouses, and health care providers that conduct certain transactions electronically.
The HIPAA Privacy Rule
The HIPAA Privacy Rule keeps a patient's protected health information (PHI) secure. Protected health information covers a variety of information, including a patient's name, social security number, past and present medical records, and health care payments. Under the rule, patients have access to their medical records and can request changes to them. Protected health information is protected in every form, whether electronic, verbal, or paper.
Institutions must inform patients about the HIPAA Privacy Rule and ensure all employees are following it. Although the rule requires institutions to secure protected health information, they may share PHI in certain instances. Health care workers may share PHI for the purpose of coordinating care with other health care providers. They can also share PHI with certain family members and friends if the patient agrees.
When using an electronic device, it is important to apply appropriate safeguards. Using a password, a firewall, and security software are a few of the ways to help protect PHI.
The HIPAA Security Rule
The HIPAA Security Rule covers the protection of electronic protected health information (ePHI). The rule ensures ePHI is available only to authorized persons. It also requires that ePHI not be changed or discarded unless the person doing so is authorized. Those allowed to access ePHI must be able to do so whenever they need it.
Like the Privacy Rule, the Security Rule requires the use of safety measures when handling electronic protected health information. Under the Security Rule, employees must address any security problems they encounter and adhere to these specific rules.
The HIPAA Breach Notification Rule
The HIPAA Breach Notification Rule requires institutions to notify those affected if a breach occurs. A breach occurs when unauthorized persons use or expose protected health information, compromising the security or privacy of PHI. If a breach does occur, authorities must be notified within 60 days. A HIPAA business associate must likewise notify the institution of any breach it discovers.
Who Must Follow These Rules?
HIPAA business associates and certain covered institutions are required to follow these rules. Health plans, health care clearinghouses and health care providers must follow the guidelines set forth by HIPAA. Health plans include health maintenance organizations, health insurance companies and company health plans that provide or pay for health care. A health care clearinghouse is an institution that processes health care transactions, such as a billing service or a repricing company.
Health care providers that keep track of health information electronically must also follow these rules. Health care providers include doctors, psychologists, nursing homes and dentists. All of these covered institutions, as well as business associates, must comply with the rules set forth by HIPAA.
Get Certified
American Medical Compliance (AMC) is a leader in the industry for compliance, billing and HR solutions. It is important for health care providers to understand all the HIPAA rules as they apply to them and their patients. To become certified, please visit us at: www.americanmedicalcompliance.com.