What is HIPAA?
HIPPA stands for the Health Insurance Portability and Accountability Act (1996)
This is a Federal Statute to improve national standards for electronic health care transactions, unique health identifiers, and security. Congress recognized that advances in electronic technology could erode the privacy of individually identifiable health information.
What Information is Protected?
The Privacy Rule protects all “individually identifiable health information“ held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI), which covers:
1. The individual’s past, present or future physical or mental health or condition.
2. The provision of health care to the individual.
3. The past, present, or future payment for the provision of health care to the individual.
4. Info that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. (ex: name, address, birth date, Social Security number)
The Privacy Rule excludes employment records that a covered entity maintains in its capacity as an employer.
Sidenote: De-Identified Health Information
There are no restrictions on the use or disclosure of de-identified health information De-identified health information neither identifies nor provides a reasonable basis to identify an individual.
The Privacy Rule Continued
The HIPAA Breach Notification Rule requires covered entities to notify affected individuals, HHS, and in some cases, the media of a breach of unsecured PHI. The Breach Notification Rule also requires business associates of covered entities to notify the covered entity of breaches at or by the business associate.
Conclusion
The reality is that HIPAA compliance is not an event, but an on-going process that requires yearly compliance activities with documentation to support the accomplishment of at least these activities:
-monitoring technical safeguards
-monitoring administrative safeguards
-monitoring physical safeguards
-logging HIPAA breaches or violations and processes of corrections