Health Insurance and the Privacy Protection Act
Implemented in 2003, the Health Insurance Portability and Accountability Act (HIPAA) is U.S. federal legislation that establishes standards for the electronic transmission of health care information between health care providers, insurers and clearinghouses. It also protects the security and privacy of health information. Because of the act, health insurers must safeguard the medical information they handle.
Protected Health Information
Health insurance companies must safeguard protected health information (PHI), and cannot disclose it without the patient's authorization. Protected health information is any demographic or personal health information that can identify a patient, including name, date of birth, dates of treatment, contact information, social security number, medical records and any other unique identifying number.
Impacted Entities
As part of HIPAA, the Privacy Rule protects health information held by health care providers, including doctors, nurses, hospitals and clinics; health care clearinghouses that handle and process health information received from other businesses, such as hospital billing services; and health plans, which include health insurers, company health plans, HMOs, Medicare and Medicaid.
Databases
Health insurance companies use databases to obtain consumer reports for individuals applying for insurance. These databases are not subject to HIPAA regulations. Many insurers enter individuals' specific medical conditions into the Medical Information Bureau (MIB) database once they have determined that a medical condition is significant. Approximately 600 insurance firms use the MIB to obtain consumer reports for applicants. IntelliScript and MedPoint are databases containing consumers' histories of prescription drug purchases. Health insurance companies use consumer reports from these databases when assessing the risk of insuring an individual.
Release of Health Information
Under the Financial Modernization Act of 1999, health insurance companies are a type of financial institution. This means that insurance companies are required to tell you how they gather and use your consumer information, including medical information, and how you can exercise your rights. Health insurance plans may disclose medical information without the patient's authorization when requested through a court order. The plan will only disclose the specific information requested in the order. Subpoenas issued by anyone other than a judge will have to meet notification requirements under the Privacy Law before the health insurance plan releases any medical information. Other scenarios in which health insurance companies can disclose protected health information without the patient's authorization include disclosures related to treatment, payment or operations of the business.
Exempt Insurance Types
Workers' compensation, disability, supplemental coverage to liability insurance, car medical payment insurance and coverage for on-site medical clinics are all types of medical insurance exempt from HIPAA regulations. Individual states regulate workers' compensation and may have their own privacy regulations in place for it.