Summary of the HIPAA Privacy Rule

The Health Insurance Portability and Accountability Act (or HIPAA) was introduced by the federal government for ensuring greater protection of Personal Health Information (PHI). HIPAA Final Rules were published in 2003, in the Federal Register, and were put into effect in April 2005. HIPAA Privacy Rule was issued by the HHS—The U.S. Department of Health and Human Services. The Privacy Rule sets standards that define the usage, disclosure or sharing of a person’s health information. HIPAA regulations seek to ensure more integrity across every stage where PHI is used by any entity. For instance, the standards set as per HIPAA 4010 are aimed at setting the benchmarks for medical coding at the time of claims processing. HIPAA represents a slightly flexible, continuously progressive and healthcare industry-sensitive regulatory authority. For instance, the HIPAA 4010 benchmarks were later updated to HIPAA 500 transaction standards and all covered entities were scheduled to adopt these by January 2012. Acknowledging the cost and technology related challenged faced by covered entities, this date was later extended to March 2012.

HIPAA Compliance is Critical
Healthcare organizations, including offices of physicians and hospitals and their related business associates are referred to as Covered Entities under the Privacy Rule settings. Essentially, all types of healthcare providers, healthcare clearinghouses and health plans need to ensure HIPAA compliance to avoid facing severe legal and financial penalties.

HIPAA Compliance & Electronic Records
HIPAA's Security Rule is applicable only to Protected Health Information and refers to data that is transmitted, created or maintained electronically. This is why covered entities of all sizes are requested to adopt imaging and scanning systems for converting paper medical records into the digitalized format and software solutions for systematically indexing, storing and retrieving the electronic records.

HIPAA Requirements for Covered Entities include:

  • Ensuring integrity of all types of electronic or digital PHI—this includes any kind of personal health information received, transmitted, stored or created.
  • Resolving any anticipated threats to the overall integrity of PHI.
  • Ensuring compliance with HIPAA standards in the workplace environment, across all employees and processes.
  • Ensuring updates/changes introduced in HIPAA Security Rule regulations are systematically tracked and followed.

What kind of information HIPAA seeks to secure?
It is vital to understand things included as a part of Patient Health Information to understand the extent of HIPAA. This includes:

  • Information included in the medical record of individuals by nurses, doctors or the physician’s office staff.
  • Recorded conversations between the physician and patient and those where the doctor shared course-of-treatment (patient details) with other healthcare professionals.
  • Billing and coding information that is part of the transaction processing of claims forwarded to clearinghouses.

HIPAA Advantages to People
With HIPAA guidelines being followed by healthcare facilities of all types, people can feel relaxed about their health information being guarded comprehensively and being shared in a proper, tracked manner. HIPAA benchmarks ensure that without the authorization of the patient, a healthcare provider cannot share PHI with an employer, marketing or advertising agencies and with other medical health professionals. Patients can seek a copy of their health records and seek corrections in their recorded health information. In most circumstances, they have a right to be notified every time their health information is being shared.