HIPAA Rules That Apply to Hospitals
Hospitals across the country were required to make significant changes to operating procedures due to the Health Insurance Portability and Accountability Act of 1996. HIPAA created new rules for sharing and using health care information. Three rules created by HIPAA have a major impact on the everyday function of hospitals and affect privacy, security and administrative simplification. Every hospital that provides or pays for health care must adhere to these rules.
Privacy
HIPAA mandated that "all individually identifiable health information" is to be treated as "Protected Health Information," or PHI. All PHI, in any form or media, that contains individually identifiable health information should be regarded as private. Any information that might reasonably be used to identify a person, such as name, address, birth date or Social Security number, should be regarded as private. Certain employment records, and education and some other records defined in the Family Educational Rights and Privacy Act, are excluded from PHI. Hospitals are required to guard the privacy of PHI.
Security
The Security Rule protects "electronic protected health information," or e-PHI. Covered entities are required to maintain reasonable and appropriate administrative, technical and physical safeguards for protecting e-PHI, according to the Department of Health and Human Services. Hospitals must build safeguards into their software as more electronic medical records replace old-fashioned medical record storage. The Security Rule sets strict rules on disclosure or impermissible use of e-PHI and defines "confidentiality" to mean that unauthorized people do not have access to e-PHI. Authorized people should have access to unaltered PHI when required. Hospitals must make these changes to their medical record systems. New health care rules requiring electronic medical records will mean that all hospitals will be required to install appropriate electronic medical record software and maintain security for e-PHI.
Administrative Simplification
Administrative Simplification provisions were included in HIPAA to increase the efficiency of the health care system and make it more effective. Certain provisions in the law required the Department of Health and Human Services to adopt national standards for the protection of individually identifiable health information and standards such as code sets, unique health identifiers and security. Advances in electronic technology made it possible to erode the privacy of health information. Hospitals and other entities were required to comply with the Security Rule by April 14, 2003, and the Privacy Rule by April 20, 2005. Small businesses were required to comply with the Privacy Rule by April 20, 2006.