HIPAA - Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. The legislation was intended to improve the portability and continuity of health insurance coverage in the group and individual markets; to combat waste, fraud and abuse in health insurance and health care delivery; to promote the use of medical savings accounts; to improve access to long-term care services and coverage; and to simplify the administration of health insurance. The administrative simplification part of the legislation included requirements for development of a wide range of privacy protections.
The purposes of the privacy regulations are threefold:
- to protect and enhance the rights of consumers by providing them access to their health information and controlling the inappropriate use of that information;
- to improve the quality of health care in the U.S. by restoring trust in the health care system among consumers, health care processionals, and the multitude of organizations and individuals committed to delivery of care; and,
- to improve the efficiency and effectiveness of health care delivery by creating a national framework for health privacy protection that builds on efforts by states, health systems, other organizations and individuals.
For the average healthcare provider or health plan, the Privacy Rule requires activities such as:
- Notifying patients about their privacy rights and how their information can by used;
- Adopting and implementing privacy procedures for its practice, hospital, or plan;
- Training employees so that they understand the privacy procedures;
- Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed; and
- Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.
Who is subject to HIPAA?
HIPAA regulations apply to entities that fall into three categories:
- Health plans
- Health care clearinghouses (who process nonstandard data elements into standard data elements)
- Health care providers who electronically transmit any health information in a HIPAA-covered "transaction". These electronic transactions are the ones for which standards have been adopted by DHHS.
Business Associates, that is, individuals or entities who/which access and use protected health information to perform functions on behalf of Covered Entities, are subject to HIPAA regulations, not directly, but through contracts with a Covered Entity.
Employers are also subject to HIPAA if the employer self-insures its employees, or manages a health reimbursement or employee assistance plan. An employer is not subject to HIPAA simply because it maintains individual health information.
Get access to all HIPPA material. Click here to become a member: www.hrresource.com/account.php
Related Products
Related Information
Articles
- Health Insurance Plan - The Easy Way to Getting Health Insurance
- Soundbytes for Supervisors: Lessons Learned in the Recent Past
- Supreme Court Ruling Regarding Employee's Performance
- Time's Up - When Is 12 Weeks of Leave Not Enough?
- Penalizing Applicants and Employees For Smoking: A Potential Smoking Gun?
- Employee Benefit Plan Sponsors Impacted By Recent Hurricanes
- Disease Management: Legal Implications