HIPAA stands for Health Insurance Portability and Accountability Act. When I hear people talking about HIPAA, they’re usually not talking about the original law. They are talking about the Privacy Rule that was issued as a result of HIPAA in the form of a Notice of Health Information Practices.
The US Department of Health and Human Services’ Official HIPAA Privacy Rule Summary is 25 pages long and is just a summary of the main elements. So, as you can imagine, it covers a lot of ground. What I would like to offer here is a summary of the fundamentals of the Privacy Rule.
When enacted in 1996, the Privacy Rule established guidelines for the protection of individuals’ health information. The guidelines are written in such a way as to ensure that an individual’s health records are protected while allowing necessary information to be disclosed during the delivery of health care and the protection of the health and well-being of the public. . In other words, not just anyone can see a person’s health records. But if you want someone, such as a healthcare professional, to see your records, you can sign an authorization giving access to your records.
So what is your health information and where does it come from? Your health information is held or transmitted by health plans, health centers and health care providers. These are called entities covered in the rule writing.
These guidelines also apply to so-called business partners of any health plans, health compensation centers and health care providers. Business partners are entities that provide legal, actuarial, accounting, consulting, data aggregation, management, administrative, credentialing or financial services.
So what does a typical Privacy Notice include?
The type of information collected by your health plan.
A description of what your health record/information includes.
A summary of your health information rights.
The responsibilities of the group health plan.
Let’s look at these one at a time:
Information collected by your health plan:
The group health plan collects the following types of information to provide benefits:
Information you provide to the plan to enroll in the plan, including personal information such as your address, phone number, date of birth, and Social Security number.
Plan contributions and account balance information.
The fact that you are or have been enrolled in the plans.
Health-related information received from any of your physicians or other healthcare professionals.
Information about your health status, including diagnostics and claims payment information.
Plan enrollment changes (for example, adding a participant or withdrawing a participant, adding or withdrawing a benefit).
Payment of plan benefits.