6 min read Show
Part of the Health Insurance Portability and Accountability Act (HIPAA), the HIPAA Privacy Rule was first enacted into law in 2002. The Rule applies to all HIPAA covered entities. As outlined by the Department of Health and Human Services (the HHS Office), this includes health plans, health care clearing houses, and any health care provider who transmits health information in electronic form in connection with transactions for which HHS has adopted standards under HIPAA. In addition, the HIPAA Privacy Rule applies to third-party service providers who perform certain functions or activities on behalf of a covered entity that involves the use or disclosure of individually identifiable health information. These third parties are generally referred to as business associates. The overarching goal of the HIPAA Privacy Rule is to protect the confidentiality of patients and their medical records – while still allowing covered entities to exchange health care data securely as required. Most, but not all information is directly covered by the HIPAA Privacy Rule. So, let’s break down precisely what you need to know and do to ensure your patients’ health information is protected and that you comply with the HIPAA Privacy Rule.
What Information Is Covered Under the HIPAA Privacy Rule?Individually identifiable health information is any information that a covered entity stores that can be used to personally identify an individual. This information is covered under the HIPAA Privacy Rule and is known as protected health information (PHI).  (Image source: totalhipaa.com) Importantly, as individually identifiable information is often accessed by insurance providers and clearing houses for billing purposes, PHI includes not only names and addresses, but also things like credit card information and vehicle registration plate numbers that these bodies often receive from another entity. In addition, videos and images that contain individually identifiable information (e.g., a photograph of a patient’s wound from which the identity of the patient can be determined by a distinguishing feature) are also considered PHI. In all, there 18 specific individual identifiers the HIPAA Privacy Rule covers. When health information contains one or more of the following identifiers, that information becomes PHI:
In short, as outlined by the HHS, individually identifiable information is any information or democratic data that relates to:
What Information Is Not Protected by the HIPAA Privacy Rule?Certain information and disclosures of PHI are excluded from the HIPAA Privacy Rule. These are as follows: Health Information in Employment RecordsThe HIPAA Privacy Rule does not apply to employment records – even when those records contain health and other medical information. However, should an employee become a patient, then the HIPAA Privacy Rule applies. Health Information in Education RecordsHealth information contained in education records are excluded from the HIPAA Privacy Rule when they are subject to, or defined in, the Family Education Rights and Privacy Act (FEPRA). Health Information Pertaining to a Person Who Has Been Deceased for Over 50 YearsInformation on a person who passed away more than 50 years ago is not considered PHI under HIPAA. De-Identified Health InformationDe-identified health information is health information that neither identifies nor provides a reasonable basis for identifying an individual. There are two ways to de-identify information – either via a formal determination by a qualified statistician, or the removal of all 18 specified identifiers of the individual and the individual’s relatives, as outlined by the HHS and listed above. What is not considered PHI under HIPAAPHI does not include information from educational and employment records. Only information on patients or health plan members is subject to PHI regulations. Storing and Protecting PHIIn order to protect your patients’ PHI in accordance with the HIPAA Privacy Rule, covered entities must put in place adequate safeguards to ensure this information is not used or disclosed improperly. A major part of this is the “Minimum Necessary” rule, which stipulates that disclosures of PHI must be limited to the minimum necessary to accomplish the intended purpose. In addition, covered entities must put policies and procedures in place to limit who can view and access PHI. They must also provide training programs for employees about how to protect medical records and other health and individually identifiable information. Furthermore, all business associates must put in place adequate safeguards to protect PHI and ensure they do not use or disclose health information improperly. This has implications on where and how you store your PHI. For example, if you store PHI with a cloud storage provider, that provider must sign a Business Associate Agreement (BAA) with you and maintain full compliance with HIPAA. As such, it is crucial covered entities utilize the services of a specialist cloud storage provider like Central Data Storage. Certain popular cloud storage service providers such as WeTransfer and Apple iCloud will not sign a BAA with HIPAA covered entities. Others, like Dropbox and Google, do not provide HIPAA compliant cloud storage solutions by design – meaning it is down to you to configure the system to ensure you meet the requirements of the HIPAA Privacy Rule. At Central Data Storage, we provide cloud-based data storage, backup and recovery solutions that comply with HIPAA for professionals in the health care industry. We make it our business to make sure our clients are in full compliance with the HIPAA Privacy Rule, the HIPAA Security Rule and all other data protection regulations. Contact our friendly team today. Call 1-888-907-1227 or email .
What type of information is protected by the HIPAA privacy Rule?The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other individually identifiable health information (collectively defined as “protected health information”) and applies to health plans, health care clearinghouses, and those health care providers that conduct certain ...
What are the 3 rules included in HIPAA?The HIPAA rules and regulations consists of three major components, the HIPAA Privacy rules, Security rules, and Breach Notification rules.
What is an example of information protected under HIPAA?Health information such as diagnoses, treatment information, medical test results, and prescription information are considered protected health information under HIPAA, as are national identification numbers and demographic information such as birth dates, gender, ethnicity, and contact and emergency contact ...
What are the 4 main rules of HIPAA?The HIPAA Security Rule Standards and Implementation Specifications has four major sections, created to identify relevant security safeguards that help achieve compliance: 1) Physical; 2) Administrative; 3) Technical, and 4) Policies, Procedures, and Documentation Requirements.
|
Under the privacy rule for hipaa protected information includes
Copyright © 2024 themosti Inc.
