Posts Tagged ‘HIPAA’
In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was incorporated by the Department of Health and Human Services. These rules and regulations were designed to safeguard the privacy of people with regard to their medical records. According to this act, personal information regarding the medical background of the patient cannot be revealed without a valid reason, and this has brought about a sea change in the handling of health care information.
The rules and regulations of HIPAA are applicable to a very broad spectrum of people. All kinds of health care plans as well as health care providers, health care clearing houses and billing companies are bound by the rules and regulations of this act. All the organizations that come under the stipulation of this Act are known as covered entities. Anyone who is even remotely associated with the field of health care will be bound by the rules and regulations of this act. This is also likely to affect people who make use of health care services.
Companies that offer medical transcription services, and the employees of such companies, are not included under the “covered entities” of HIPAA. According to this Act, medical transcription services are classified as business associates. The Act defines a business associate as “any person or organization that performs a function or activity on behalf of a Covered Entity, but is not part of the Covered Entity’s workforce (employees, volunteers, trainees and others under the Covered Entity’s direct control, regardless of whether they are paid by the Covered Entity).” But the rules and regulations implemented in each state are different, and they also differ from the regulations imposed at the national level. Certain states might define medical transcription companies as covered entities.
Business associates do not come under the direct governance of HIPAA. But all organizations that are covered entities under HIPAA should sign a written agreement with all business associates in order to ensure that the medical information of patients is kept safe and secure. These clauses should be a part of the contract signed between the covered entity and the business associate. Business associates will find that the covered entities they serve are very strict about compliance with all these rules and regulations under HIPAA. All covered entities should devise their own methods to ensure that their business associates do not flout any of the terms and conditions of the contract with regard to the disclosure of the medical information of the patients.
HIPAA was incorporated in the year 2001, but a small time period was given for people to implement the rules and regulations that come under this Act. According to HIPAA, there should also be standards for the electronic transmittal of documents. The standards prescribed by HIPAA are ANSI X12. These standards cover the content as well as the format of medical information that is transferred electronically.
The main purpose of this Act is to curtail the free distribution of medical information of the patient. These rules have been designed keeping in mind the transmittal of information in any manner, be it orally, on paper or in an electronic format. The Act also curtails revealing any personal identification regarding the patient, such as name, address, telephone number, social security number, etc. Covered entities that do not follow the rules and regulations outlined under HIPAA will definitely have to pay some kind of penalty, which could also include a fine. Criminal charges can also be pressed depending on the circumstances.
HIPAA has led to sweeping changes to health care administration and information systems as health care organizations struggle to achieve cost-effective compliance by 2003. The US Congress enacted the Health Insurance Portability and Accountability Act or HIPAA in 1996. The act covered a wide array of issues surrounding the health insurance industry but in particular it required administration simplification, which addressed the issue of security and privacy of health information.
HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records (whether paper or electronic). HIPAA outlined standards to improve the nation’s health care system by incorporating electronic data exchange between health care providers. The idea, of course, was to allow various health providers to access the records of a particular patient. So, when a patient visits a new hospital, the covering doctor can access that patient’s past record and in so doing provide him with better care. However, as one could envisage, this raised a great number of apprehensions with respect to the privacy and confidentiality of people’s medical records. So the legislature created a fundamental list of rules and regulations with which health care providers must comply. And the creation of these rules and regulations gave birth to the industry that is called HIPAA Compliance.
To ensure HIPAA compliance, there are certain key provisions that need to be followed. For instance, individuals should be able to access their records and request correction of errors. Also, they should be informed about how their personal information will be used. ‘Protected health information’ (PHI) cannot be used for marketing purposes without the clear consent of the patients in question. People should be able to ask the covered entities that maintain PHI about them to ensure that their communications with the patient are confidential. It should be possible for people to file formal privacy-related complaints with the Department of Health and Human Services (HHS) Office for Civil Rights. Covered entities should document their privacy procedures; however, they have discretion on what to include in their privacy procedure. They are required to designate a privacy officer and train their employees. Covered entities can use an individual’s information without the individual’s consent if the purpose is to provide treatment, obtain payment for services or perform the non-treatment operational tasks of the provider’s business. Some of the agencies, government bodies and individuals who can access the medical records of a person under HIPAA compliance rules are insurance companies, employers, courts, hospitals and individual physicians. This is also considered a downside of the HIPAA Privacy Rule, because sponsors of a research study, makers of drugs for the particular study and the researchers involved in the study are included in this list.
However, the ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions as well as to maintain the security and privacy of individually identifiable health information.




