HIPAA - morgan-hanrahan/Tech-Journal GitHub Wiki

History and Background

  • President Clinton signed it into law in August 1996
  • The intent was to “improve the portability and accountability of health insurance coverage.”
  • Meant to protect patients and their information
  • Regulates who can access patients' data and how it can be used
  • The Office for Civil Rights audits for compliance

General Description

HIPAA, or the Health Insurance Portability and Accountability Act, is responsible for the protection of the sensitive health information of patients in the healthcare system.

  • Under HIPAA's regulations, healthcare providers cannot release a patient's information without the consent or knowledge of the patient to whom the information pertains.

Who must comply

  • This is accomplished with the HIPAA Privacy Rule.
  • The Privacy Rule is a set of standards that define who falls under the protection of HIPAA and ensure that those who do understand the rights they are given regarding their Protected Health Information.
  • One of the important purposes of the Privacy Rule is making sure patients can keep their information confidential while receiving good, high-quality healthcare.

Specific controls/requirements

  • The HIPAA privacy, security, and breach notification rules serve to protect the privacy & security of personal health information.
  • Privacy Rule - Sets national standards for the use and disclosure of protected information.
  • Security Rule - Specifies safeguards that covered entities and their business associates must use to protect confidential information.
  • Breach Notification Rule - Requires covered entities to notify affected individuals, and in some cases the media, of any security breaches.

Enforcement

  • The Office for Civil Rights
  • Suspension of license
  • Fines of $50,000 – $250,000 for the employee
  • Jail time

Difficulty for Organizations to comply

  • The Security Rule limits who has access and in which situations patient information can be disclosed.
  • Disclosure usually occurs only to the patients themselves, during significant emergencies for the patient, with certain signed documentation, or during audits.
  • In the instance of a breach, healthcare providers must provide certain types of notification to those affected.
  • The scale of the breach determines how much action must be taken: usually under 500 requires individual notification to all affected, usually via mail or email; above 500 usually requires media to step in and notify on a large scale, as well as notifying the secretary of breaches.
  • Similar to the Security Rule; however, it allows patients to ask for and access their information whenever they desire, and describes transferring data digitally.
  • Mostly focuses on how secure a system is, so that security is up to date to keep patient information private.

Benefits

  • HIPAA's primary benefits come from the protection of patient information.
  • Allows people to trust medical providers, as they must request to use patient data, or follow very specific guidelines if it must be used for something.

Drawbacks

  • Does not provide a choice for information sharing, i.e., some third parties have access to your medical records whether you like it or not.
  • Provides only directly relevant medical information.
  • Increases the administrative requirements of health care, and as a result, increases overall cost.
  • You cannot sue/have no legal recourse.