Health Insurance Portability and Accountability Act of 1996 (HIPAA) | CDC

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement HIPAA requirements. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.

HIPAA Privacy Rule

The privacy rule standards address the use and disclosure of individuals’ health information (known as protected health information, or PHI) by entities subject to the privacy rule. These individuals and organizations are called “covered entities.”

The Privacy Rule also contains standards for people’s rights to understand and control how their health information is used. One of the primary goals of the Privacy Rule is to ensure that individuals’ health information is appropriately protected while allowing the flow of health information necessary to provide and promote high-quality health care and protect the health and welfare of the public. The Privacy Rule allows for important uses of information while protecting the privacy of people seeking care and healing.

Covered Entities

The following types of individuals and organizations are subject to the Privacy Rule and are considered covered entities:

  • Health care providers: Any health care provider, regardless of practice size, that electronically transmits health information in connection with certain transactions. These transactions include:
      • claims
      • benefit eligibility inquiries
      • referral authorization requests
      • other transactions for which HHS has established standards under the HIPAA Transaction Rule
  • Health plans: Health plans include:
      • health, dental, vision and prescription drug insurers
      • health maintenance organizations (HMOs)
      • Medicare, Medicaid, Medicare+Choice and Medicare supplemental insurers
      • long-term care insurers (excluding nursing home fixed-indemnity policies)
      • employer-sponsored group health plans
      • government- and church-sponsored health plans
      • multi-employer health plans
      • Exception: A group health plan with fewer than 50 participants administered solely by the employer that established and maintains the plan is not a covered entity.
  • Health care clearinghouses: Entities that process non-standard information they receive from another entity into a standard (i.e., standard format or data content), or vice versa. In most cases, health care clearinghouses will receive individually identifiable health information only when they provide these processing services to a health plan or health care provider as a business associate.
  • Business associates: A person or organization (other than a member of a covered entity’s workforce) that uses or discloses individually identifiable health information to perform or provide functions, activities or services for a covered entity. These functions, activities or services include:
      • claims processing
      • data analysis
      • usage review
      • billing

Permitted Uses and Disclosures

The law permits, but does not require, a covered entity to use and disclose PHI, without an individual’s authorization, for the following purposes or situations:

  • Disclosure to the person (if the information is necessary to access or account for the disclosures, the entity must disclose it to the person)
  • Treatment, payment and health care operations
  • Opportunity to agree to or object to the disclosure of PHI
      • An entity may obtain informal permission by asking the individual directly or through circumstances that clearly give the individual an opportunity to agree, consent or object
  • Incident to a permitted use and disclosure
  • Limited data set for research, public health or health care operations
  • Activities of public interest and benefit: The Privacy Rule allows the use and disclosure of PHI, without the authorization or permission of a person, for 12 national priority purposes:
      1. when required by law
      2. public health activities
      3. victims of abuse or neglect or domestic violence
      4. health oversight activities
      5. judicial and administrative proceedings
      6. law enforcement
      7. functions (such as identification) relating to deceased persons
      8. donation of cadaveric organs, eyes or tissues
      9. research, under certain conditions
      10. to prevent or lessen a serious threat to health or safety
      11. essential government functions
      12. workers’ compensation

HIPAA Security Rule

While the HIPAA Privacy Rule protects PHI, the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information that a covered entity creates, receives, maintains, or transmits in electronic format. This information is called electronic protected health information, or e-PHI. The Security Rule does not apply to PHI transmitted orally or in writing.

To comply with the HIPAA Security Rule, all covered entities must:

  • Ensure the confidentiality, integrity and availability of all e-PHI
  • Detect and protect against anticipated threats to information security
  • Protect against anticipated impermissible uses or disclosures that are not permitted by the rule
  • Certify compliance by their workforce

Covered entities must rely on professional ethics and best judgment when considering requests for these permissive uses and disclosures. The HHS Office for Civil Rights enforces the HIPAA rules, and all complaints should be reported to that office. HIPAA violations may result in civil monetary or criminal penalties.

For more information, visit the HHS HIPAA website.

Content Creator Zaid Butt joined Silsala-e-Azeemia in 2004 as a student of spirituality. Mr. Zahid Butt is an IT professional; his expertise includes “Web/Graphic Designer, GUI, Visualizer and Web Developer”. PH: +92-3217244554
