What is HIPAA anyway?
HIPAA stands for Health Insurance Portability and Accountability Act. It is a law that was passed by the US Congress in 1996. The main goals of the HIPAA law are to:
- make it easier for people to keep health insurance,
- protect the confidentiality and security of healthcare information, and
- help the healthcare industry control administrative costs.
HIPAA is a comprehensive legislative act incorporating the requirements of several other legislative acts, including the Public Health Service Act, Employee Retirement Income Security Act, and more recently, the Health Information Technology for Economic and Clinical Health (HITECH) Act.
What is the HIPAA Privacy Rule?
The purpose of HIPAA—and probably the most well-known HIPAA issue among consumers—is the HIPAA Privacy Rule, which introduced restrictions on the allowable uses and disclosures of protected health information, stipulating under what circumstances consumers' private health information could be shared. HIPAA also gave patients the right to access any of their health records and data on request. The HIPAA Privacy Rule applies to all protected health information, whether it is electronic, written, or oral.
What does HIPAA require be kept private?
HIPAA designates certain information as Protected Health Information (PHI), which includes any individually identifiable information about your health status, health care that you have received, or payment for health care. The HIPAA Privacy Rule does not apply when your information is used as part of a larger data set and is not linked to you by any direct identifiers that connect the information to you personally as a patient. The HIPAA Privacy Rule also allows the release of your medical files in order to coordinate treatment with other health care providers, for making payments, or for other health care operations.
Covered Entities – Who Keeps the Information?
Only “covered entities” are required to abide by the HIPAA Privacy Rule. Covered entities include:
- health care providers, such as doctors, psychologists, chiropractors, dentists, pharmacists, and nurses
- medical establishments, such as hospitals, clinics, urgent care centers, and nursing homes
- health plans, such as health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, including Medicare and Medicaid
- health care clearinghouses, such as organizations that work with converting health information into electronic format, such as software companies used by other covered entities
There are many entities that are not covered by HIPAA. One’s place of work, life insurance companies, workers’ compensation carriers, and most schools and school districts are not required to abide by HIPAA law. Furthermore, HIPAA does not apply to companies that collect your information through health tracking or activity tracking apps or devices. The HIPAA Privacy Rule also does not apply to a friend or family member who breaks the etiquette of confidentiality, to a coworker who overhears you talking on the phone, or to people who find your confidential information disposed of in the trash.