Summary of HIPAA
Public Law 104-191, the Health Insurance Portability and Accountability Act of 1996, became law on August 21, 1996. The act provides guidelines for the distribution and protection of individually identifiable healthcare information. The guidelines affect healthcare consumers, medical care providers, health insurance providers and researchers. Consumers can access detailed information on various aspects of the law on the U.S. Department of Health and Human Resources website. (see Resources)
Other People Are Reading
-
Definition
-
HIPAA addresses the ease of information sharing through electronic record-keeping. Designed to protect individuals from an inappropriate dissemination of their medical information, the act defines what can be shared, what cannot be shared without permission and what the patient can access of his own medical records.
Benefits
-
The clear boundaries drawn by the act assure the consumer that his information will be protected from indiscriminate publication. The act provides avenues for redress in the event a breach occurs and penalties for those who violate the act. With expectations spelled out for all parties, HIPAA alleviates ambiguity as to what is privileged and what is not.
-
Protected Information
-
The Privacy Rule of HIPAA applies to all types of patient information, written, oral or electronic, that can be identified as belonging to the patient. The Security Rule covers electronic security and requirements for those maintaining protected information to actively prevent breaches of information. Doctor's notes in the patient's record, lab test results, conversations between providers about a patient, billing information at the provider's office and information sent to insurance providers come under the umbrella of protected information.
Consumers
-
Patients rely on HIPAA for the right to access information from their own medical records and add corrections when needed. They have the reassurance that the information will be shared only with those who have a legitimate need to see it or have been given permission by the patient. A patient is entitled to a report detailing who received her information.
Care Providers
-
If the patient feels at risk, she can ask that test results and phone calls be sent to an alternate address or telephone number. Providers must honor the request to make contact somewhere other than the patient's home.
Care providers may not discuss a patient's case with other professionals who are not part of the healthcare team unless the patient grants permission.
Healthcare providers can report statistical information to governmental oversight organizations such as public health organizations and the Centers for Disease Control. A physician could report, for example, a total of 27 cases of influenza treated but could not identify the patients.
Insurers
-
Insurers must take all reasonable steps to protect the information provided to their company in the course of settling insurance claims. They may not release individually identifiable information to those who have no need for the data.
-
References
Resources
- Photo Credit file image by Byron Moore from Fotolia.com
