Do you know how the Health Insurance Portability and Accountability Act (HIPAA) protects healthcare patients? When you're busy conducting regular HIPAA risk assessments and fixing any potential violations, it's easy to overlook the fundamental principle of this law: to protect the privacy of U.S. healthcare patients.
Why Was HIPAA Created?
Before HIPAA was created, the health industry was like the Wild West, with little to no regulation regarding patient privacy. This meant healthcare providers could do as they pleased with patient information, using it for marketing purposes, handing it off to other healthcare providers, or even selling it to the highest bidder, all without breaking the law. HIPAA was passed by Congress to bring order to the U.S. healthcare system by establishing several Rules that covered entities must follow.
The HIPAA Privacy Rule
Arguably, the single most important element of HIPAA is the Privacy Rule. Enforced by the Office for Civil Rights (OCR), it consists of several requirements that doctors, physicians, nurses, and other covered entities must follow to reduce the risk of unauthorized access to Protected Health Information (PHI). If a covered entity violates one or more of these Rules, it could face fines and/or other consequences handed down by the Department of Health and Human Services (HHS). This is why it's critical that all healthcare providers covered under HIPAA familiarize themselves with the nuances of this law.
Here are some of the details of the HIPAA Privacy Rule:
- Gives patients the right to know what healthcare information of theirs will be used, how it will be used, and how “certain disclosures of their information have been used.”
- Limits the amount and type of healthcare information that covered entities are allowed to release.
- Gives patients the right to see their own healthcare information, as well as request copies and/or corrections.
- Gives patients the power to control uses and disclosures of their healthcare information.
- Gives patients a greater amount of control over their healthcare information.
- Creates boundaries that covered entities must follow with regard to the use and release of health records.
- Creates appropriate safeguards for healthcare providers and other covered entities for protecting the privacy of patients' healthcare information.
The Privacy Rule is just one of the many elements of HIPAA. If you are a healthcare provider operating in the U.S., you should learn all of the Rules and their respective requirements.