Anyone who works in the healthcare or insurance industry is familiar with and must comply with HIPAA, the Health Insurance Portability and Accountability Act. The United States Congress enacted HIPAA in 1996 to create regulations that were designed to provide the ability to transfer and continue health insurance; mandate industry-wide standards for healthcare and electronic billing; reduce healthcare fraud and abuse; and require the protection and confidential handling of protected health information (PHI).
But what does that mean? In layman’s terms, it does a couple of things. First of all, it sets standards by which anyone who provides healthcare must abide by in the office and for billing. Second, it allows the consumer to transfer health insurance from one provider to another while maintaining the same confidentiality and standards as the previous provider.
Third, it prevents your doctor or healthcare provider from discussing your patient information with or around anyone that you have not given permission to know that information. It’s the reason that your pharmacist takes you aside to discuss your prescription instead of while you stand in line.
This falls under the Department of Health and Human Services as part of the HIPAA Privacy Rule. Basically, setting the standards for the protection and privacy of your health information. The other side of is the HIPAA Security Rule. This Security Standards for the Protection of Electronic Protected Health Information sets standards and rules for that information used or transmitted by the healthcare industry technical and non-technical safeguards that they consider a “covered entity” to protect a person’s electronic protected health information (e-PHI).
The Privacy Rule applies to health plans, healthcare clearing houses and any healthcare provider who transmits health information in electronic form for those who are covered under HIPAA as “covered entities.” The information covered includes:
- The individual’s past, present or future physical or mental health or condition.
- The provision of health care to the individual
- The past, present, or future payment for the provision of health care to the individual.
Did you know that 41% of Americans have never seen their health information?
Since 1996, the healthcare industry has begun moving away from paper documents and files and more towards electronic versions of this information. With concerns of hackers or the security of cloud-based storage, what does the healthcare industry need to be vigilant about when it comes to not just the security of their patient’s data, but also be HIPAA compliant? Here are a few key items to keep in mind:
In 2009, a supplemental act was passed called the Health Information Technology for Economic and Clerical Health (HITECH) Act, which supports the enforcement of HIPAA by raising the penalties of those healthcare organizations that fail to comply with the Privacy and Security rules. This HITECH Act was in response to the increased development, use, storage and transmittal of health information in electronic form.
As society turns to electronic devices and the cloud more and more for all things, there is an ongoing push to store records and data on the cloud and to be able to access patient data from anywhere through a wireless device. Your doctor might keep your records in a computer that sits in the office. Your eye doctor might use a tablet to enter your information or schedule an appointment. Having your information at their fingertips can save time, as long as they are being careful and maintaining their HIPAA compliance.