HIPAA PHI Policy & Procedures

The Health Insurance Portability and Accountability Act of 1996, more commonly known as HIPAA, was enacted to improve the portability and continuity of health insurance coverage and health care delivery. While it largely addresses consistency in the way your personal health information (PHI) is gathered, stored and retrieved, HIPAA also has a section dealing with the privacy and confidentiality of that information.
    History

    • Traditionally, health insurance companies have operated autonomously in a competitive environment that discouraged information sharing. HIPAA came about because health care consumers were tired of repeating their medical information every time they encountered a new health care provider or insurance company. The message was clear: Americans wanted their medical data to be available when needed for care delivery or insurance coverage, but they also wanted controlled access to that data.

    Types

    • HIPAA identified three entities that must develop policies and procedures reflecting its privacy rules: health plans, including HMOs, Medicare, Medicaid and health insurance companies; most health care providers, such as doctors, clinics and hospitals; and health care clearinghouses that process health information received from one of the two other entities. Some organizations, including workers' compensation carriers and life insurance companies, are exempt from HIPAA.

    Features

    • HIPAA is very specific about the type of personal health information that must be protected. Covered entities must have policies and procedures to control access to the information in your medical record, whether it's a paper chart or an electronic record. Any time your doctor talks about your care with nurses or other health care professionals, those conversations must be kept confidential. Providers must also strictly limit access to your billing information.

    Considerations

    • While HIPAA gives you certain rights, there are restrictions that will be reflected in an organization's policies and procedures. Your personal health information can still be shared for billing purposes so physicians and hospitals can be reimbursed for the care you received. It can be used in specific ways for quality assurance purposes so providers can evaluate the care you've received. HIPAA doesn't supersede public health reporting requirements such as those for infectious diseases or mandated reporting around issues such as child abuse.

    Significance

    • HIPAA is good news for you as a consumer, since it gives you the right to control access to your medical record. Unless you specifically agree, health care providers can't provide your personal health information to your employer or share it for marketing purposes. HIPAA also says you can obtain a copy of your PHI, obtain a report about when and why your information was shared, learn who had access to it and correct any errors in the record. These rights must be reflected in the organization's policies and procedures.
