Rules for Covered Entities Who Are Subject to HIPAA

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, assigns covered entities the responsibility of securing patient health information and enforcing confidentiality standards. Covered entities include healthcare information networks, health plans, and health care providers. Organizations must adhere to rules governing patient privacy and security by implementing both administrative and technology-based procedures.
1. Privacy Rules

According to the U.S. Department of Health & Human Services, HIPAA privacy rules provide covered entities with guidelines on the use of patient information and on the proper disclosure of that information. Under HIPAA, patient rights regarding privacy and confidentiality are upheld by requiring organizations to treat medical records as protected health information. At the same time, the privacy rules provide a degree of flexibility that allows for the exchange of information between care providers in order to deliver quality care and treatment. Within the U.S. Department of Health and Human Services, the Office for Civil Rights administers and enforces HIPAA rules and may impose civil money penalties on covered entities for noncompliance.

2. Security Rules

According to the U.S. Department of Health & Human Services, HIPAA's security rules are designed to uphold the standards identified within the privacy rules. The security rules provide guidelines for handling patient health information in electronic form. These rules address technology-based protocols for how an organization records, stores and transmits patient information. To meet them, organizations must incorporate certain technical safeguards within their computer system networks. Some of these safeguards include firewall protection, a means of tracking system activity (audit logging), and a means of limiting system access to authorized users (access control). These rules are designed to secure patient health information both within an organization and when it is transmitted between organizations.

3. Disposal Rules

Because HIPAA provides for the protection of patient health information in all forms and at all times, organizations are required to follow certain guidelines for disposing of patient information when it is no longer needed. According to the U.S. Department of Health & Human Services, the disposal rules work in tandem with the privacy and security rules and apply to both paper and electronic formats. As different organizations have different operating and administrative procedures in place, each organization is left to determine an appropriate method of proper disposal. HIPAA requires organizations to develop policies and procedures for proper disposal and to provide training for the employees who handle disposal tasks. Examples of proper disposal methods include paper shredding, special packaging for labeled prescription bottles, secured areas for materials awaiting disposal, and overwriting or destroying electronic media, equipment and software.
