HIPAA Laws: Who Are They Designed To Protect?


The Health Insurance Portability and Accountability Act (HIPAA) is a substantial piece of legislation passed by the US Congress in 1996. It establishes common standards across the US healthcare system to protect patient information. HIPAA matters to everyone as a patient, because it gives individuals the right to inspect their individually identifiable health information and to request corrections to it. However, there is often confusion about whether or not HIPAA's obligations apply to a specific business or employee.

The law defines two groups to which it applies: covered entities and business associates. Covered entities include healthcare providers, health insurance companies, and healthcare clearinghouses. Business associates are individuals or entities that carry out operations or responsibilities that involve using or disclosing protected health information, either on behalf of or as an agent of a covered entity. This could include people or organisations involved in billing, benefits management, quality assurance, and legal services.

Covered entities:
- Health plans: health insurance companies, HMOs, company health plans, and certain government programs that pay for healthcare, such as Medicare and Medicaid.
- Most healthcare providers that conduct certain business electronically, such as electronically billing your health insurance, including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
- Health care clearinghouses that process non-standard health information they receive from another entity into a standard format or data content, or vice versa.

Business associates:
- Companies that help your doctors get paid for providing healthcare, including billing companies and companies that process your healthcare claims.
- Companies that help administer health plans.
- People like outside lawyers, accountants, and IT specialists.
- Companies that store or destroy medical records.


Health plans, including health insurance companies, HMOs, company health plans, and government programs like Medicare and Medicaid

The Health Insurance Portability and Accountability Act (HIPAA) applies to health plans, including health insurance companies, HMOs, company health plans, and government programs like Medicare and Medicaid. These are considered "covered entities" under HIPAA and are subject to the Privacy Rule and Security Rule.

The Privacy Rule gives individuals rights over their health information and sets rules and limits on who can look at and receive their health information. It protects an individual's health information while allowing necessary access to promote high-quality healthcare and protect the public's health. The rule permits important uses of information while protecting the privacy of people seeking care.

The Security Rule requires covered entities (and, since the HITECH Act, business associates) to safeguard health information held in electronic form, known as electronic protected health information (ePHI). This covers all individually identifiable health information that a covered entity creates, receives, maintains, or transmits electronically, and it requires administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of that information.

Health plans are required to comply with both the Privacy Rule and the Security Rule and to ensure that their employees are trained on HIPAA regulations. This includes understanding the rules regarding access to and disclosure of protected health information. Health plans must also have contracts in place with their business associates, such as companies that help administer health plans, to ensure that health information is handled securely and appropriately.

HIPAA provides individuals with the right to access their health records, request corrections, and receive notifications about how their health information is used and shared. Individuals can also decide if they want to give permission for their health information to be used or shared for certain purposes, such as marketing.

By following these guidelines, health plans can help protect the privacy and security of their members' health information, ensuring that it is only accessed and shared in accordance with HIPAA regulations.


Health care providers that conduct business electronically, such as billing insurance electronically

The Health Insurance Portability and Accountability Act (HIPAA) applies to health plans, health care clearinghouses, and certain health care providers. Health care providers that conduct business electronically, such as billing insurance electronically, are covered by HIPAA. This includes most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.

HIPAA applies to these healthcare providers when they electronically transmit any health information in connection with transactions for which the Department of Health and Human Services (HHS) has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage. For example, hospitals, academic medical centres, physicians, and other healthcare providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities.

Covered entities under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and provide individuals with certain rights regarding their health information. This includes the right to inspect their health records and request corrections, as well as receive notifications about how their health information is used and shared.

Additionally, covered entities must have contracts in place with their business associates, such as billing companies and companies that process health care claims. These contracts ensure that business associates also comply with HIPAA Rules, safeguarding protected health information and maintaining confidentiality and integrity.

By including health care providers that conduct business electronically, HIPAA ensures the protection of individuals' health information in the digital age, where electronic transactions and data exchanges are becoming increasingly prevalent.


Health care clearinghouses that process non-standard health information

Health care clearinghouses are a type of covered entity under HIPAA regulations. They are defined as public or private entities that act as middlemen between healthcare providers and health plans. Clearinghouses check claims from healthcare providers for errors before forwarding them to health plans for payment. This process helps to reduce workloads for healthcare providers and health plans and accelerate the payment of claims.

Clearinghouses process or facilitate the processing of health information in two ways. First, they can process or facilitate the processing of health information received from another entity in a non-standard format or with non-standard data content into standard data elements or a standard transaction. Second, they can receive a standard transaction from another entity and process or facilitate the processing of health information into a non-standard format or with non-standard data content for the receiving entity.

In the context of HIPAA, a non-standard format refers to health information that is not in a standard electronic format, or whose data content does not conform to the standard data elements. The standards in question are the electronic transaction standards HHS has adopted for healthcare administrative transactions, such as claims, eligibility inquiries, and payment and remittance advice. Standard data elements are the specific data items those transaction standards require, such as the identifiers for the patient, the provider, and the health plan.

Clearinghouses play a crucial role in ensuring the accuracy and security of sensitive health information. They are required to comply with HIPAA requirements, protecting the security and privacy of health information. This includes implementing safeguards to protect health information and ensuring that it is not used or disclosed improperly.

Overall, health care clearinghouses that process non-standard health information are essential in the healthcare industry, facilitating the exchange of information between providers and payers, ensuring accuracy, and streamlining the claims process.



Business associates of covered entities, including contractors, subcontractors, and outside specialists like lawyers and accountants

The Health Insurance Portability and Accountability Act (HIPAA) applies to business associates of covered entities. These business associates include contractors, subcontractors, and outside specialists like lawyers and accountants.

Business associates are organisations or persons that provide a service to, or perform a function on behalf of, a covered entity (CE) that requires them to create, receive, maintain, or transmit protected health information (PHI). CEs can disclose PHI to their business associates only if they obtain satisfactory assurances that the business associate will appropriately safeguard the PHI. This is usually done through a contractual agreement, known as a Business Associate Agreement (BAA).

For example, an attorney who provides legal services to a health plan (a CE) would be considered a business associate if they perform legal services that involve the disclosure of PHI. In this case, the attorney must comply with HIPAA's requirements, such as providing satisfactory assurances that they will safeguard PHI.

Contractors and subcontractors are also considered business associates under HIPAA. Before a contractor is allowed to do work that involves PHI on behalf of a CE, it must sign a BAA with that CE; a subcontractor that handles PHI on behalf of a business associate must in turn sign a BAA with that business associate, so the obligations flow down the chain. The agreement makes the associate directly responsible for safeguarding the PHI it handles, but it does not transfer the CE's own obligations away. The CE remains responsible for ensuring that the business associate is truly HIPAA compliant and has appropriate privacy and security policies and procedures in place.

Accountants may also need to be HIPAA compliant if they encounter patient information through their work, such as copays, insurance payments, write-offs, or other records that contain PHI. Providing accounting or tax-related services to healthcare providers may result in access to PHI, and thus accountants in these situations are considered business associates and must comply with HIPAA requirements.

Overall, any business associate of a CE, including contractors, subcontractors, lawyers, and accountants, must comply with HIPAA's requirements to protect PHI and ensure the privacy and security of individuals' health information.


Vendors of personal health records

The Health Insurance Portability and Accountability Act (HIPAA) generally does not apply directly to vendors of personal health records (PHRs) unless they are acting as covered entities or business associates. Instead, PHR vendors that fall outside HIPAA must report breaches of health data to the Federal Trade Commission under the FTC's Health Breach Notification Rule.

A PHR grants a patient personal access to and control over electronic copies of their health information, allowing them to manage and track their records. It is distinct from an electronic health record (EHR), which is maintained by a healthcare provider for a particular patient. A PHR is focused on the patient's access to and control over their health records, which can take the form of an "app" or a "portal." The Federal Trade Commission (FTC) defines a PHR as "an electronic record of PHR-identifiable health information on an individual that can be drawn from multiple sources and that is managed, shared, and controlled by or primarily for the individual."

The Department of Health and Human Services (HHS) has published a guide that distinguishes between PHRs offered by entities subject to the HIPAA Privacy Rule, such as healthcare providers or health plans, and those offered by entities not subject to it, such as employers or vendors who offer PHRs. This guide helps entities subject to the HIPAA Privacy Rule understand how to comply with the regulations in the context of PHRs.

For example, a healthcare provider may receive a request from a patient to send their records directly to a patient-controlled PHR offered by a vendor not subject to HIPAA. In such cases, the provider must respond promptly and in compliance with HIPAA regulations. Once the records are provided, if the PHR vendor is not subject to the HIPAA Privacy Rule, their activities are subject to the FTC's Health Breach Notification Rule as "vendors of personal health records."
