Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) preserves the privacy of personal medical information, forbids discrimination in group health plans based on health status, and allows for special enrollment opportunities in group health plans.

HIPAA, which went into effect in August 1997, mandates the use of electronic data interchange (EDI) in medical transactions as well as the protection of patient healthcare data. For wrongfully releasing patient information, businesses face fines of up to $250,000 and ten years in prison.

Five Main components of HIPAA:

HIPAA contains five sections or titles:

1) HIPAA Health Insurance Reform: Individuals who lose or change employment have their health insurance coverage protected under Title I. It also prohibits group health plans from denying coverage to anyone who has certain diseases or preexisting conditions, as well as limiting coverage for a lifetime.

2) HIPAA Administration Simplification: Title II mandates that the US Department of Health and Human Services (HHS) develop national standards for the processing of electronic healthcare transactions. It also mandates that healthcare organizations implement secure electronic access to patient data and adhere to HHS privacy laws.

3) HIPAA Tax-Related Health Provisions: Title III contains tax provisions as well as medical care guidelines.

4) Application and Enforcement of Group Health Plan Requirements: Title IV goes into greater detail about health-care reform, including provisions for people with pre-existing diseases and those who want to keep their coverage.

5) Revenue Offsets: Title V contains provisions on company-owned life insurance and the income tax status of persons who renounce their US citizenship.

HIPAA Privacy Rule:

The HIPAA Privacy Rule, also known as the Standards for Privacy of Individually Identifiable Health Information, is the first national policy in the United States to secure individuals’ personal or protected health information (PHI).

Patients have the right to receive their personal PHI from HIPAA-covered healthcare providers upon request, according to the Privacy Rule.

Organizations that are designated HIPAA-covered enterprises are subject to the HIPAA Privacy Rule. It also necessitates the creation of a contract between a covered entity and a HIPAA business associate that imposes specified safeguards on the PHI that the BA uses or discloses.

What are HIPAA-covered entities?

HIPAA only applies to covered entities and their Business Associates.

Any institution or corporation that directly handles PHI or personal health records(PHRs)  is considered a HIPAA-covered enterprise. For the security of PHI and PHRs, covered entities must follow HIPAA and HITECH (Health Information Technology for Economic and Clinical Health) Act mandates.

Covered entities fall into three categories:

1. Healthcare providers: Doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies are all examples of healthcare providers.
2. Health plan: Health insurance companies, health maintenance organizations (HMOs), employer health plans, and government health-care programs like Medicare, Medicaid, and military healthcare programmes are all examples of health plans.
3. Healthcare clearinghouse: Healthcare clearinghouses are organizations that convert nonstandard health information into a standard format or the other way around. Billing services and community healthcare systems are two examples of health data management services.

Entities can utilize the HHS web tool to see if they are a HIPAA-covered entity or BA, and hence whether they are required to comply with HIPAA.