HIPAA Privacy Regulations

The U.S. Department of Health and Human Resources issued regulations concerning access to an individual's health information via the Health Insurance Portability and Accountability Act (HIPAA) of 1996. With the need for protecting a person's privacy rights while still ensuring the flow of important information to promote public health and quality health care, the regulations permit only those authorized by law to handle the health information for the purpose of preventing injury or disability or controlling disease to access this information.
  1. Coverage

    • The HIPAA privacy regulations apply to health plans, health-care clearinghouses, and any health-care provider who receives or transmits health information concerning certain transactions. Covered group and individual health plans include health, dental, vision, prescription drug insurers, health maintenance organizations, and others who provide or pay the cost of medical care, according to the U.S. Department of Health and Human Resources. Health-care providers covered by the rule are of any size establishment who transmits health-care transactions including claims, referral authorization requests, and benefit eligibility inquiries that transmit these transactions electronically or through a billing service or other third party. The HIPAA rule also covers health-care clearinghouses that handle nonstandard information received from another source and process it into standard format. Health-care clearinghouses involve billing services, value-added networks or any business engaged in clearinghouse activities.

    Protected Information

    • The HIPAA regulations protect all information, referred to as protected health information, whether it is electronic, oral or in written format except for certain information classified as employment or education records. Other stipulations protected under the privacy rule include giving patients more control over their health records, holding violators accountable by criminal and civil law when a patient's privacy rights are violated, and setting limits on the release of information to a reasonable level where only the minimum is required.

    Principle and Disclosure

    • The Privacy Rules' basic principle consists of regulating the number of circumstances through which a patient's protected health information may be used by other entities. With this rule, entities can only use the information whenever the Privacy Rule allows or requires; or when the patient or patient's representative gives written authorization for its use. The only time an entity has permission to use protected health information without authorization is for the purpose of giving the information to the patient; for treatment, billing, and health-care operations; public interest or benefit; and for limited data use for research, public health, or health-care operations.

General Healthcare Industry - Related Articles