HIPAA (the Health Insurance Portability and Accountability Act) was passed by Congress in 1996 to improve efficiency in the healthcare sector, reduce waste and fraud, and protect individually identifiable health information so that it could not be used to identify a patient without authorization.
The Act introduced a set of standards that healthcare organizations must follow so that everyone operates under the same rules. Standard codes and identifiers were defined to simplify the exchange of health information, and healthcare providers, health insurers and their business associates were required to use the same codes for electronic transactions so that data could be shared efficiently.
For a more detailed explanation of HIPAA, visit ComplianceHome. In the meantime, read on.
HIPAA defines the permitted uses and disclosures of health information, limiting who may access it and under what circumstances. It gives Americans the right to obtain copies of their health data, to check their records for mistakes and to share those records with whomever they choose. It also sets standards for safeguarding health data, making it harder for people with no legitimate need to view it to gain access.
Health plans, health care clearinghouses, health care providers and endorsed sponsors of the Medicare prescription drug discount card are treated as "HIPAA Covered Entities" under the Act. In most cases, these are organizations that handle Protected Health Information (PHI) as a routine part of their work.
"Business Associates" are also covered by HIPAA. These are organizations whose primary role is not healthcare, but which supply services to Covered Entities in the course of which they create, receive, maintain or transmit PHI on the Covered Entity's behalf. Before undertaking a service or activity on behalf of a Covered Entity, a Business Associate must sign a Business Associate Agreement (BAA) committing it to safeguard any PHI it is able to view, download or otherwise access.
HIPAA has been amended several times since it was first introduced. The Final Omnibus Rule took effect in 2013, and since then new guidance has been issued on how PHI must be accessed and communicated in a healthcare environment. The updated rules give patients further rights to know and control how their health information is used, and extend the obligations of Covered Entities and Business Associates to cover how patient information is accessed and shared.
Covered Entities and Business Associates must put in place mechanisms to control the movement of PHI within their private networks, monitor activity on those networks and prevent the unauthorized disclosure of PHI outside them. More attention must be paid to completing risk assessments, and new reporting procedures (the Breach Notification Rule) govern how data breaches must be reported.
Further amendments to the HIPAA Security Rule define the "safeguards" (administrative, physical and technical) that must be implemented for HIPAA-compliant storage and communication of electronic PHI (ePHI). The Security Rule labels each safeguard's implementation specifications as either "required" or "addressable". An "addressable" specification is not optional: the entity must implement it if it is reasonable and appropriate, and otherwise document why it is not and implement an equivalent alternative measure. In practice, therefore, all the safeguards must be dealt with, whichever label they carry.
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services audits HIPAA-covered entities to verify that they comply with the regulations. When preventable breaches of ePHI are identified, OCR has the authority to impose civil financial penalties on the negligent organization, and cases involving criminal violations are referred to the Department of Justice for prosecution.