HIPAA - Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. The legislation was intended to improve the portability and continuity of health insurance coverage in the group and individual markets; to combat waste, fraud and abuse in health insurance and health care delivery; to promote the use of medical savings accounts; to improve access to long-term care services and coverage; and to simplify the administration of health insurance. The administrative simplification part of the legislation included requirements for development of a wide range of privacy protections.

The purposes of the privacy regulations are threefold:

1. to protect and enhance the rights of consumers by providing them access to their health information and controlling the inappropriate use of that information;
2. to improve the quality of health care in the U.S. by restoring trust in the health care system among consumers, health care processionals, and the multitude of organizations and individuals committed to delivery of care; and,
3. to improve the efficiency and effectiveness of health care delivery by creating a national framework for health privacy protection that builds on efforts by states, health systems, other organizations and individuals.

For the average healthcare provider or health plan, the Privacy Rule requires activities such as:

1. Notifying patients about their privacy rights and how their information can by used;
2. Adopting and implementing privacy procedures for its practice, hospital, or plan;
3. Training employees so that they understand the privacy procedures;
4. Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed; and
5. Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.

Who is subject to HIPAA?

HIPAA regulations apply to entities that fall into three categories:

1. Health plans
2. Health care clearinghouses (who process nonstandard data elements into standard data elements)
3. Health care providers who electronically transmit any health information in a HIPAA-covered "transaction". These electronic transactions are the ones for which standards have been adopted by DHHS.

Business Associates, that is, individuals or entities who/which access and use protected health information to perform functions on behalf of Covered Entities, are subject to HIPAA regulations, not directly, but through contracts with a Covered Entity.

Employers are also subject to HIPAA if the employer self-insures its employees, or manages a health reimbursement or employee assistance plan. An employer is not subject to HIPAA simply because it maintains individual health information.

Get access to all HIPPA material. Click here to become a member: www.hrresource.com/account.php

Related Products

Health Savings Accounts

Live Teleconference
November 10, 2008
Price: $199.00

Everything You Wanted to Know About Drug and Alcohol Testing but Were Afraid to Ask

Live Teleconference
October 23, 2008
Price: $199.00

Related Information

Articles

• Penalizing Applicants and Employees For Smoking: A Potential Smoking Gun?
• Employee Benefit Plan Sponsors Impacted By Recent Hurricanes
• Disease Management: Legal Implications

Blogs

• DIVERSITY AND DISABILITY
• Controlling Medical Trend
• Did you miss the H-1B visa cap? – Part II

• Did you miss the H-1B visa cap? – Part I

View All

Whitepapers

• An Employer's Guide to Health Saving Accounts
• Top 20 FMLA Questions
• Unemployment Compensation
• Effective Interviewing Techniques