Four Standards of HIPAA
The Health Insurance Portability and Accountability Act regulates the dissemination of personal information related to health care. People generally think of confidentiality issues when they think of HIPAA regulations, but that is only the first of the four HIPAA standards. Criminal and civil penalties for violations range from $100 to $250,000 and include up to 10 years in prison. In a covered agency, all employees, including managers, volunteers and telecommuters, must adhere to these regulations.
Privacy
This complex standard protects and controls health information. HIPAA protects the confidentiality of every patient. Patients have the right to access and correct their records, limit record access and file and pursue complaints with the U.S. Department of Health and Human Services. Exceptions to disclosure include abuse victims; limited public health information; legal, research and judicial purposes; public safety; deceased persons and some special government and legal exceptions.
Security
The security standard covers the safety of information for health care plans and providers. Three areas of safety (physical, technological and administrative) apply to what an agency must specifically do. Measures in these areas are either required, which means they must occur, or addressable, which means a documented attempt must be made to implement them, even if the attempt is not successful. Agencies must perform a risk analysis reviewing threats to individual responsibility. In addition, employees must receive ongoing training regarding security standards.
Identifiers
Identifiers address the information that cannot be released if information is collected for research purposes. This includes obvious information such as names, dates, phone numbers and addresses, but even some general information must be removed, including any geographic information smaller than a state, any dates except a year, e-mail, Social Security numbers, any account numbers, vehicle identifiers, license or certificate numbers, websites, photographs, biometric information and any other unique code, number or characteristic.
Codes
Codes or transactions involve the transfer of information between parties, such as health care claims. HIPAA covers the electronic transmission of transactions including payments, claims, eligibility, referrals, enrollment and authorizations. Agencies must follow adopted standards for content and format to transmit transactions. HIPAA also determines specific codes for each type of paperwork.