You may hear the term around the hospital or sign forms regarding it at the doctor’s office, but do you truly understand what it is? The Health Insurance Portability and Accountability Act of 1996, better known as HIPAA, is a federal regulation protecting the privacy and security of health information.
Prior to HIPAA, the healthcare industry did not have any rules protecting health information. The need for safety and privacy regulations increased when new technologies introduced new platforms for the processing of claim payments, answers to eligibility questions, health information, and other clinical and health-based information. Not only did sensitive information on paper need security and privacy, but electronic information was vulnerable until HIPAA paved the road for protection.
The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting information. Specifically, covered entities must:
Ensure the confidentiality, integrity, and availability of all Electronic Protected Health Information (e-PHI) they create, receive, maintain or transmit;
Identify and protect against reasonably anticipated threats to the security or integrity of the information;
Protect against reasonably anticipated, impermissible uses or disclosures; and
Ensure compliance by their workforce.
Who Must Comply with HIPAA?
HIPAA covers individuals and organizations. Those who must comply with the regulations of HIPAA are known as “HIPAA-covered entities”. Health plans, clearinghouses, and certain health care providers are all considered HIPAA-covered entities. Some examples include:
Other: any provider submitting HIPAA transactions electronically
Health insurance companies
HMOs (Health Maintenance Organizations)
Employer-sponsored health plans
Government programs that pay for healthcare (Medicare, Medicaid, and military/veterans’ health programs)
Improving Technologies Lead to New Risks
The medical workforce and health industry are breaking ground on new technologies and software that allow them to be more mobile and more efficient. Providers are using clinical applications such as computerized physician order entry (CPOE) systems, electronic health records (EHR), and radiology, pharmacy, and laboratory systems. Health plans are providing access to claims and care management, as well as member self-service, all from the convenience of a cell phone, tablet, or computer. While information like patient records and test results can be accessed quickly, the potential security risks are increasing.
The Security Rule of HIPAA aims to protect the privacy of individuals’ health information while still allowing covered entities to continue improvements in the quality and efficiency of patient care through new technologies. Despite the growing risks to data security, the Security Rule is designed to be flexible and scalable in order to best protect vulnerable and sensitive health-related information.
For more information about HIPAA compliance and proper medical waste disposal, contact San Diego Medical Waste Services, LLC, or visit: firstname.lastname@example.org or 619-990-4604.