|  | Healthcare Industry | Healthcare Management

What Are the Privacy Policies Under HIPAA In Massachusetts?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law Congress passed in 1996. HIPAA prescribes a number of standards health care providers must follow to protect a patient's right to privacy. The law changed the way information is exchanged in the health care industry. Massachusetts must adopt new patient privacy policies to comply with the rights afforded to patients under HIPAA.

  1. Patient Privacy Notice

    • State and federal law requires health care providers to keep private a patient's protected health information (PHI). PHI is any information used to identify a patient's physical or mental health status, services delivered and cost of care. Health care providers must notify patients how they use and release aspects of their PHI as well as provide them information of their right to privacy.

    Information Disclosure for Treatment

    • The state's privacy policies enable health care providers delivering services to patients to share elements of their PHI with other service providers also involved in the treatment plan. Health care providers may use a patient's PHI to develop a treatment plan, determine services covered by their insurance plan and complete regular evaluations in accordance with serving the patient. For example, health care providers may exchange PHI to request and review lab work and other diagnostic tests, acquire prescriptions and consultation with other health care professional's regarding a patient's medical history.

    Information Disclosure for Payment

    • Health care providers also may disclose components of a PHI for payment purposes. In certain cases, a PHI is used to collect reimbursement for services delivered by a third-party insurance company, Medicaid and/or Medicare---public health care benefit programs for the poor, disabled and seniors.

    Information Disclosure for Operations

    • A number of government and nonprofit rating agencies conduct periodic review of health care providers to obtain and maintain certain types of accreditation. PHI is sometimes assessed as part of this review to evaluate patient complaints or information related to service utilization.

    Patient Authorization

    • Health care providers must obtain a patient's written authorization (or someone acting legally on their behalf) to share his PHI for reasons other than treatment, payment and operations. A patient also has the right to revoke a health care provider's PHI disclosure privilege at any time by notifying the provider in writing. Certain exceptions apply, such as in cases where the patient is abused, an inmate, under investigation for fraud and/or death, among other extenuating circumstances.

Healthcare Management - Related Articles