How does HIPAA protect you?

Though HIPAA was introduced to iron out complications associated with moving health insurance plans between employers and other details of group insurance policies, since its introduction in 1996 most associate HIPAA with issues of patient privacy.

The second title of HIPAA (Title II of the Act: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform) explicitly concerns itself with such issues. However, for many patients, it is hard to see the benefits of HIPAA. Medical staff and others in the healthcare industry receive extensive HIPAA training on how to interpret and apply the nuances of HIPAA, and its complex legal language is seen as too high a barrier to entry for most patients.


Here, we want to explain what HIPAA is and how it protects you. From a patient perspective, HIPAA is an incredibly important document as it puts patients’ rights at the fore. It offers definitions of what private data is, how it is to be protected, what mechanisms should be enacted if a breach occurs and also establishes what penalties should be applied if a HIPAA violation is discovered.

How does HIPAA protect private data?

The Privacy Rule, added to HIPAA in 2003, defines “protected health information” as any piece of data that can be used to identify an individual. Examples of this type of data are provided below:
  • Name
  • Telephone numbers
  • Addresses or geographical information smaller than the State level (except the first three digits of a ZIP code)
  • Social Security numbers
  • Fax Numbers
  • Email addresses
  • Medical records
  • Health insurance numbers/beneficiary numbers
  • Account numbers (e.g. bank account)
  • Certificate or license numbers
  • Vehicle license plates or other identifiers
  • Device serial numbers
  • URLs associated with the patient
  • IP addresses
  • Biometric identifiers (e.g. finger, retinal and voice prints)
  • Photographs or video footage
This PHI, and all other medical and health-related data, is protected under HIPAA. This means that it must be maintained in a secure way that prevents unauthorized individuals from accessing it. Additionally, any person who comes into contact with such PHI must not disclose it to anyone else unless it is needed for a healthcare-related task (e.g. consultation on treatment or for billing). This is part of the Minimum Necessary Rule.
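The identifier list above is easiest to understand as a filter: a record that leaves a covered environment (for research, analytics or a support ticket) should have every listed identifier removed, with geography cut down to the state plus the first three ZIP digits. The following is an added example, not code from the article or from any HIPAA guidance, that applies that filter to a constructed patient record. The field names, the regular expressions and the sample record are all assumptions made for illustration; a real de-identification pipeline would need to cover more cases than this list (dates, free-text names that are not in a structured field, and so on).

```python
import re
from typing import Any, Dict

# Constructed sample record (no real data) mixing identifiers with clinical content.
SAMPLE_RECORD = {
    "name": "Jane Example",
    "phone": "555-0100",
    "email": "jane@example.test",
    "ssn": "123-45-6789",
    "zip": "90210",
    "city": "Beverly Hills",          # geography finer than state: dropped
    "state": "CA",                    # state level is permitted
    "ip": "192.0.2.10",
    "plate": "ABC1234",
    "diagnosis": "hypertension",      # health data is kept, now without identifiers
    "notes": "Patient Jane Example called from 555-0100 about refill; "
             "reach at jane@example.test",
}

# Assumed field names that map onto the article's identifier categories
# (name, phone, fax, email, SSN, medical record and insurance numbers,
# account/license/plate/serial numbers, URLs, IP addresses). Tuple, not set,
# so the free-text scrub below runs in a deterministic order.
DIRECT_IDENTIFIER_FIELDS = (
    "name", "phone", "fax", "email", "ssn", "mrn", "insurance_id",
    "account", "license", "plate", "serial", "url", "ip",
)

# Geographic subdivisions smaller than the state are removed entirely.
SUB_STATE_GEOGRAPHY = ("street", "city", "county")

# Pattern-based scrub for identifiers that leak into free text.
# SSN runs before phone so the tail of an SSN is never mistaken for a phone number.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "phone": re.compile(r"\b(?:\d{3}-)?\d{3}-\d{4}\b"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def truncate_zip(zip_code: str) -> str:
    """Keep only the first three digits of a ZIP code, the level the article allows."""
    digits = re.sub(r"\D", "", zip_code)
    return digits[:3] if len(digits) >= 3 else ""


def redact_text(text: str, known_values=()) -> str:
    """Scrub known identifier values first, then anything matching the patterns."""
    for value in known_values:
        if value:
            text = text.replace(str(value), "[REDACTED]")
    for label, pattern in PATTERNS.items():
        text = pattern.sub(f"[{label.upper()}]", text)
    return text


def deidentify(record: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of the record with the listed identifiers removed or reduced."""
    # Values from the structured identifier fields are also scrubbed from free text,
    # which is how the patient's name in the notes gets caught without a name regex.
    known = [record[k] for k in DIRECT_IDENTIFIER_FIELDS if k in record]
    out: Dict[str, Any] = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIER_FIELDS or key in SUB_STATE_GEOGRAPHY:
            continue
        if key == "zip":
            out[key] = truncate_zip(str(value))
        elif isinstance(value, str):
            out[key] = redact_text(value, known)
        else:
            out[key] = value
    return out


if __name__ == "__main__":
    for field, value in deidentify(SAMPLE_RECORD).items():
        print(f"{field}: {value}")
```

The design point worth noting is the two-layer scrub: structured fields are dropped by name, and their values are then reused to clean the free-text fields, because identifiers copied into notes are exactly what a field-level policy misses.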
 
 
What are safeguards?
 
In 2005, the Security Rule was added to HIPAA. This stipulated how covered entities and their business associates should go about protecting the PHI defined in the Privacy Rule. The Rule established different means of protection, or safeguards, to be used when protecting data. These safeguards come under three categories: administrative (including secure reporting mechanisms, regular risk assessments and employee training), physical (such as clear-desk policies, locking desks and secure work areas) and technical (such as two-factor authentication, rigorous password policies and encryption). All of these safeguards must be in place for a covered entity or business associate to be HIPAA compliant. They also serve to protect the patient’s most fundamental HIPAA right: privacy of data.

The Office for Civil Rights strictly enforces HIPAA, and regularly issues large fines if it discovers that a data breach has occurred. As well as punishing the negligent parties, the fines also act as a deterrent for those hoping to “cut corners” and not act on HIPAA guidelines. This, again, underscores HIPAA’s focus on patient protection.
 
 
 

Copyright 2019 AmO: Life Beauty Without Limits....