The U.S. Office for Civil Rights (OCR) has partnered with the Centers for Medicare and Medicaid Services (CMS) to publish a new fact sheet covering the nuances of the Health Insurance Portability and Accountability Act (HIPAA).
Titled, “HIPAA Basics for Providers: Privacy, Security, and Breach Notification Rules,” this fact sheet is designed to help doctors, nurses, surgeons, and other healthcare providers understand the laws regarding patient privacy. As you may already know, HIPAA was established back in 1996 with the primary goal of protecting the privacy of healthcare patients. It consists of several Rules that covered entities must follow in order to remain compliant. Healthcare providers who violate these Rules face fines, citations, and other penalties, which is why it's important for professionals to familiarize themselves with the HIPAA Rules.
At just 6 pages in length, the new HIPAA fact sheet isn't overly long or complicated. It begins by describing the various HIPAA Rules, including Privacy, Security and Breach Notification, saying they were established to protect both the security and privacy of healthcare patients.
If you dig deeper into the new HIPAA fact sheet, you'll notice that it goes into greater detail on the different Rules. The Privacy Rule, for instance, is defined as a set of standards which provide protection of Protected Health Information (PHI) that's being held by a covered entity or business associate. The Privacy Rule also allows covered entities to use and disclose PHI when necessary for patient treatment/case or other “important” purposes.
“You play a vital role in protecting the privacy and security of patient information. This fact sheet gives a basic overview of the rules, the information protected by the rules, and who must comply with the rules,” wrote the OCR and CMS in its new fact sheet.
Scrolling to page 4 of the OCR's HIPAA fact sheet will reveal a side-by-side comparison of the health care providers, health plans, and health care clearing houses, all of whom are considered to be covered entities under HIPAA. Some people assume that only doctors are covered entities, but this isn't the case. As noted in this document, chiropractors, dentists, nursing homes, pharmacies, psychologists, company health plants, health maintenance organizations, Medicare, Medicaid, and even healthcare billing services are all considered to be covered entities in the eyes of the OCR and HHS.