Transcript HIPAA
HIPAA Health Insurance Portability and Accountability Act INTRODUCTION HIPAA PRIVACY RULE • The HIPAA privacy rule establishes a set of national standards for the protection of certain health information. • The US Department of Health and Human Services issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Purpose 1. To address the issue of disclosure of individual health information. 2. To address the standards for individuals’ privacy rights to understand and control how their health information is used. Statutory and Regulatory Background • Enacted on August 21, 1996. • Publicize standards for the electronic exchange, privacy and security of health information. Who is Covered by the Privacy Rule? • Health Plans that provide or pay the cost of medical care are covered entities. 1. health 2. dental 3. vision 4. prescriptions drug insurers 5. Health maintenance organizations (HMO) 6. Medicare 7. Medicaid 8. Medicare+Choice 9. Medicare supplement insurers 10. Long term insurers 11. Employer sponsored group health plans 12. Gov’t and church sponsored health plans 13. Multi-employer health plans Who is Covered by the Privacy Rule? (cont) • Health Care providers who electronically transmits health information. Who is Covered by the Privacy Rule? (cont) • Health Care Clearinghouses that process nonstandard information they receive from another entity into a standard or vice versa. • Health care clearinghouses include billing services, repricing companies, and community health information systems. What Information is Protected? • The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or business associate, in any form or media whether electronic, paper, or oral. 1. past, present, future physical or mental condition. 2. the care provided 3. payment history. 4. demographics (name, address, etc) General Principle for Uses and Disclosures • To define and limit the circumstances in which health information may be used or disclosed, except 1. as permitted or required 2. or authorized in writing by the individual. • Protected health information may be disclosed in only two situations. 1. upon the individual’s request 2. in the case of an investigation by HHS. Permitted Uses and Disclosures • A covered entity is permitted to use and disclose protected health information, without an individual’s authorization: 1. To the individual 2. Treatment, payment, and health care operations. 3. Opportunity to agree or object 4. Incident to an otherwise permitted use and disclosure. 5. Public interest and benefit activities 6. Limited date set for the purpose of research, public health or health care operations.