Define HIPAA Compliance

HIPAA stands for the Health Insurance Portability and Accountability Act. It was passed in 1996 to protect a patient's health information and ensure confidentiality. Health plans, medical billing companies and health care providers are subject to strict rules on the electronic transmission of information regarding a patient's health. Civil and criminal charges may be imposed if a patient's right to privacy is compromised.

    Confidential Information

    • HIPAA protects the confidentiality of a patient's medical history as well as the patient's current condition and prognosis. Patients have the right to review their medical records and obtain a copy if requested. Providers are allowed to share this information with a health plan in order to receive payment for the services rendered. They may also discuss protected health information with another provider who was consulted or to whom the patient was referred for further examination.

    Notification

    • Patients of all health care providers must be made aware of who their medical records will be released to. Patients are to be given a privacy practices notice prior to their first appointment with a provider. The notice should advise the patient of their rights under HIPAA, which include how their medical information will be released. It also must provide information about how to file a complaint against that provider if their medical information is released without consent. This notice should also be posted in the provider's office.

    Additional Uses

    • Medical information that is released for purposes other than payment or treatment must be authorized in writing. For example, in order to release medical records to a third party such as an employer or disability carrier, a separate authorization form is required. This form must include the specific information to be released, the reason for releasing the information, the name of the person with whom the information may be shared, an expiration date and the right of the patient to revoke authorization in writing at any time.

    Access

    • In order to protect an individual's health information, HIPAA imposes restrictions on who is able to access this information. Access should be restricted to individuals who need this information to do their jobs. Medical records clerks, medical billers and customer service representatives, for example, require access to protected health information to perform their day-to-day duties. All workers with access to protected health information must be trained by their employer on privacy practices and procedures. Although patients are entitled to their medical records, they are not entitled to access psychotherapy notes.

    Violations

    • Patients can file a complaint with the provider's office if they believe their right to privacy was violated. The name of the person to whom their complaint should be addressed must be provided in the privacy practices notice. The notice must also advise patients that a complaint may be filed with the Department of Health and Human Services Office of Civil Rights. Individuals with access to protected health information should also be apprised by their employers of consequences that may be imposed should they violate a patient's right to privacy.
