A Definitive Guide to HIPAA Privacy Rules

Just recently, we talked about the HIPAA Security Rule, the national standard that requires healthcare organizations and their business associates to protect an individual's Electronic Protected Health Information (ePHI). Now it is time for a brief discussion of the HIPAA Privacy Rule. You already know that whereas the Security Rule applies only to information that is stored, handled and transferred electronically, the Privacy Rule applies to all forms of PHI, whether electronic, written, or oral. So it is obvious that the Privacy Rule (PR) involves even broader requirements than the Security Rule (SR) to protect the confidentiality of patient information. Let's delve deep into this topic.

What information is protected?

The HIPAA Privacy Rule establishes national standards to protect an individual's medical records and other protected health information (PHI). With a couple of exceptions, PHI includes all individually identifiable health information that is maintained or transmitted in any form or medium, whether electronic, written, or oral. Examples of PHI are names, all date elements related to the person (except the year), license numbers, fax numbers, telephone numbers, social security numbers, and demographic information such as addresses and geographic codes smaller than a state. Any other information that could possibly identify the person also needs to be protected.

The exception involves disclosures of patient information that are required by law. For example, providers are legally authorized to report communicable diseases to the appropriate authorities.

What is considered “personally-identifiable health information”?

Personally-identifiable health information generally includes the following, whether in electronic, paper, or oral format:

- Enrollment and disenrollment in a health plan
- Health plan premium payments
- Health care claims
- Health care encounter information, such as physical or electronic paperwork documenting doctor's visits
- Health care payment and remittance advice
- First report of injury
- Health claims attachments
- Coordination of health care benefits
- Health care claim status
- Referral certifications and authorization
- Health care electronic funds transfers (EFT) and remittance advice
- Other transactions that HHS may prescribe in future regulations

Who is covered by HIPAA Privacy Rules?

The Rule applies to all healthcare providers, health plans, insurance companies and health care clearinghouses. In order to comply with this rule and protect the privacy of health information, physicians are required to follow appropriate safeguards and to set limits and conditions on the uses and disclosures of such information made without patient authorization.
Under this rule, patients are given full rights over their health information, including the right to examine and obtain a copy of their health records when required, and to request corrections. The standards also require doctors to provide their patients with an accounting of each entity to which they disclose PHI for administrative and billing purposes.

Business Associates (BAs) of covered entities (CEs) are also directly liable for uses and disclosures of PHI that are not permitted by their Business Associate Agreement (BAA) or by the HIPAA Privacy Rule itself.

The Privacy Rule requires BAs to do the following:

- Do not allow any unauthorized uses or disclosures of PHI.
- Provide breach notification to the CE.
- Provide either the individual or the CE with access to PHI.
- Disclose PHI to the Secretary of the Department of Health and Human Services (HHS), if asked to do so.
- Provide an accounting of disclosures.
- Comply with the guidelines set by the HIPAA Security Rule.

Challenges Presented by HIPAA Privacy Rule

The HIPAA Privacy Rule has posed several challenges for healthcare providers. They cannot freely share patient information with each other unless the patient or client gives them permission. Without being able to share that information, obtaining important information takes a lot of time, which can adversely impact patient care. Even when the patient has given permission for information sharing, healthcare providers remain extremely cautious, because anyone found violating the HIPAA Privacy Rule is subject to heavy penalties under the law.

The complexity involved in implementing the HIPAA privacy provisions has also raised costs. Organizations are not only obligated to train their staff but also to hire outside companies to perform audits and to implement policies and procedures in order to remain compliant.

Researchers are also affected by this rule, because they cannot freely conduct studies based on patient data unless the patient authorizes them to view and use that information. As a result, the cost of recruiting participants for studies has also risen considerably.

In spite of these limitations, we cannot deny that the HIPAA Privacy Rule has helped to build better security within many healthcare organizations. It has created a culture of compliance and promoted the confidentiality of patient information, both physically and electronically.
