HIPAA was introduced in 1996 by Congress with the aim of ensuring national standards for privacy and safeguarding personal health data. On April 14, 2003, the US Department of Health and Human Services passed the Privacy Rule.
HIPAA compliance needs specific attention and effort, because any failure to adhere carries a high risk of reputation damage, fines ranging from $100 to $250,000, and imprisonment varying from 1 year to 10 years. Different HIPAA management efforts are required for a practice with different systems for patient scheduling, electronic and medical files, and billing. This article presents an honest approach to HIPAA management adherence and summarizes the main HIPAA terminology, principles, and requirements to help the practitioner achieve HIPAA compliance through medical billing and software vendors.
The last 10 years of the 19th century saw a rapid increase of digital technology in health care, which brought lower expenditure and much better service quality but also resulted in new and higher risks of accidental disclosure of private health information.
Protected Health Information (PHI)
The main focus of HIPAA is PHI, which covers any information that can be used to identify a person and any information or data exchanged with or disclosed to other health care providers in any medium (digital, verbal, recorded, faxed, printed or written).
Information that can be used to identify a person includes:
- Health plan numbers
- ZIP codes of not less than 3 digits, telephone and fax numbers, email addresses
- License numbers
- Social security numbers
- Dates (excluding year)
- Medical record numbers
Details shared with other healthcare firms or clearinghouses are:
- Data about treatment and billing
- Notes made by nurses and physicians
HIPAA aims to ensure the smooth flow of PHI for healthcare operations with the patient’s approval; however, it bans unauthorized use of PHI for any other reason. Healthcare operations involve payment, competence review training, treatment, care quality assessment, accreditation, auditing, legal procedures and insurance rating.
HIPAA encourages unbiased information practices and sets guidelines for those who have access to PHI to protect it.
Unbiased information practices mean that a person should be permitted to
- access their PHI,
- rectify mistakes and ensure completeness,
- know who else is using their PHI.
Protecting PHI means that the party who possesses PHI should
- be responsible for its own use and disclosure
- have legal recourse to counter violations