Health Information Privacy
The HIPAA Privacy Rule protects the privacy of individually identifiable health information; the HIPAA Security Rule sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule protect identifiable information being used to analyze patient safety events and improve patient safety.
The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information.
Understanding Health Information Privacy
For Consumers
Your Health Information Is Protected By Federal Law
Most of us believe that our medical and other health information is private and should be protected, and we want to know who has this information. The Privacy Rule, a Federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information. The Privacy Rule applies to all forms of individuals' protected health information, whether electronic, written, or oral. The Security Rule, a Federal law that protects health information in electronic form, requires entities covered by HIPAA to ensure that electronic protected health information is secure.
For Covered Entities
The Privacy and Security Rules apply only to covered entities. Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.
If an entity is not a covered entity, it does not have to comply with the Privacy Rule or the Security Rule.
A Health Plan
This includes:
• Health insurance companies
• HMOs
• Company health plans
• Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs
A Health Care Provider
This includes providers such as:
• Doctors
• Clinics
• Psychologists
• Dentists
• Chiropractors
• Nursing Homes
• Pharmacies
...but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.
A Health Care Clearinghouse
This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
Workforce Compliance
♦ Provide privacy training to all of its workforce, as necessary and appropriate to their functions
♦ Designate a privacy official responsible for privacy policies and procedures
♦ Develop and apply a system of sanctions for employees who violate the entity's policies