The Health Insurance Portability and Accountability Act (HIPAA) aims to protect the privacy of patients or customers of health insurers while also defining who the covered entities are.
To comply with HIPAA, covered entities and consumers must follow various HIPAA requirements in order to avoid incurring any violations.
These requirements are specific, with one set of guidelines for consumers and another set for covered entities. The requirements likewise include certain forms that both parties may need to submit for specific purposes.
For covered entities (i.e. health insurance companies, HMOs, health care clearinghouses and health care providers), the basic requirement under the Final Rule is to protect electronically documented patient or consumer information.
Protecting this information includes putting in place both physical and technological security measures to ensure that no patient information will be exposed to unauthorized personnel.
If this information will be used in any way, such as passing it on to a business associate, the covered entities must fill out specific consent and authorization forms and have these signed by the concerned client.
For clients or patients, on the other hand, the basic requirements are those that need specific forms to show their consent to, as mentioned, passing on their information to a covered entity’s business associate, and to allowing visitors to be in the room during a medical procedure.
What Information is Covered Under the Privacy Rule?
Basic information about a patient, such as names, addresses and dates (i.e. birth date, admission and discharge dates, and date of demise), is covered under the privacy rule.
Pictures of the patient as well as Social Security and Medical Record numbers are likewise included in the privacy rule.
Should any of the above-mentioned information be used by the covered entity in activities other than those set by HIPAA, the covered entity is required to obtain authorization and consent from the patient prior to using the information.
The covered entity is required by law to submit a Notice of Privacy Practices to the client to avoid breach of the privacy rule.
A business associate who will be receiving a client’s information is required by federal law to let the covered entity know if the information was disclosed to unauthorized personnel or other entities.
The business associate is likewise required, where possible, to return the information to the covered entity upon termination of their agreement.
Should any violations be committed by the business associate, the covered entity must employ all means to rectify the situation and inform the U.S. Department of Health and Human Services.