The Department of Health and Human Sciences first issued the Health Insurance Portability and Accountability Act of 1996 or HIPAA to set national standards for the protection of patient health information. This law was designed to protect and control how private health information is used. The Office for Civil Rights has the responsibility to implement and enforce privacy rules that will include voluntary compliance with financial penalties.
Goals of HIPAA
An individuals’ health information is highly private. There should be no dissemination of information to outside parties unless written permission is expressively given by the patient. This rule strives to provide a balance that permits information to be sent to necessary parties while at the same time promoting protection and security of the public’s health and safety. The rule is flexible yet comprehensive and gives specific details as to what information can be sent to third parties.
HIPAA requires that entities (those who use health information) comply with the applicable requirements and rules. The summary of the HIPAA law is not a source of legal information, but the entire law or act needs to be read and studies to ensure that specific laws are followed.
HIPAA rules cover health plans or insurance companies and clearinghouses that move heath information to different third party providers. HIPAA definitely applies to the health care provider and other providers to meet the information needed treat a patient. Take note that HIPAA privacy coverage also covers health plans that are implemented by employment, government and church sponsored plans.
All individual and group plans that pay the cost of medical care are regulated by HIPAA rules and procedures. These include health and dental as well as vision and prescription drugs. Those organizations that are HMO, Medicare and Medicaid are also liable. In other words, every entity that handles private medical information is subject to HIPAA.
HIPAA is designed to protect individual medical records when entities use electronic technology to transmit medical records. Healthcare clearinghouses are those businesses that process nonstandard information and they are highly regulated under HIPAA rules. Clearinghouses are billing services, community health management systems and value-added systems that provide services to hospitals and clinics.
One very important medical entity is psychotherapy. The notes taken by a health care provider in regards to mental health are highly regulated. All professional documenting or analyzing during conversations with patients, family or groups are private and not to be disseminated unless specific permission is granted. All medications and monitoring plus counseling sessions and their start and stop times, the modalities of treatments that are furnished plus the results of clinical tests and the summary are not to be given to third parties. The only exception to this rule may be in the case of court ordered release to substantial a legal matter.
HIPAA does retain the right to modify the existing rules and procedures at any given time. There are updates issued on a regular basis. Currently there are a number of provisions of the HITECH Act that are designed to strengthen security issues for health information that are established in HIPAA.