Transcript HIPAA

HIPAA
Health Insurance Portability and
Accountability Act
INTRODUCTION
HIPAA PRIVACY RULE
• The HIPAA privacy rule establishes a set
of national standards for the protection of
certain health information.
• The US Department of Health and Human
Services issued the Privacy Rule to
implement the requirement of the Health
Insurance Portability and Accountability
Act of 1996 (HIPAA).
Purpose
1. To address the issue of disclosure of
individual health information.
2. To address the standards for
individuals’ privacy rights to understand
and control how their health information is
used.
Statutory and Regulatory
Background
• Enacted on August 21, 1996.
• Publicize standards for the electronic
exchange, privacy and security of health
information.
Who is Covered by the Privacy
Rule?
• Health Plans that provide or
pay the cost of medical care
are covered entities.
1. health
2. dental
3. vision
4. prescriptions drug insurers
5. Health maintenance
organizations (HMO)
6. Medicare
7. Medicaid
8. Medicare+Choice
9. Medicare supplement
insurers
10. Long term insurers
11. Employer sponsored group
health plans
12. Gov’t and church
sponsored health plans
13. Multi-employer health
plans
Who is Covered by the Privacy
Rule? (cont)
• Health Care providers
who electronically
transmits health
information.
Who is Covered by the Privacy
Rule? (cont)
• Health Care
Clearinghouses that
process nonstandard
information they receive
from another entity into a
standard or vice versa.
• Health care
clearinghouses include
billing services, repricing
companies, and
community health
information systems.
What Information is Protected?
• The Privacy Rule protects all “individually
identifiable health information” held or
transmitted by a covered entity or business
associate, in any form or media whether
electronic, paper, or oral.
1. past, present, future physical or mental
condition.
2. the care provided
3. payment history.
4. demographics (name, address, etc)
General Principle for Uses and
Disclosures
• To define and limit the circumstances in
which health information may be used or
disclosed, except
1. as permitted or required
2. or authorized in writing by the individual.
• Protected health information may be
disclosed in only two situations.
1. upon the individual’s request
2. in the case of an investigation by HHS.
Permitted Uses and Disclosures
•
A covered entity is permitted to
use and disclose protected health
information, without an individual’s
authorization:
1. To the individual
2. Treatment, payment, and health
care operations.
3. Opportunity to agree or object
4. Incident to an otherwise
permitted use and disclosure.
5. Public interest and benefit
activities
6. Limited date set for the purpose
of research, public health or health
care operations.