HIPAA, more formally known as the Health Insurance Portability and Accountability Act of 1996, is a US law that provides data security and privacy provisions for protecting medical-related information.
The act, which was signed by President Bill Clinton on August 21, 1996, contains five sections, each focusing on data protection against breaches and cyberattacks on medical-related information stored by health providers and insurers.
If you want to know how HIPAA affects professionals, we have compiled a list of FAQs that best explain everything you need to know about the act.
What is protected under HIPAA?
The HIPAA laws are in place to protect any identifiable information relating to the past, present, or future health or condition of an individual that may have been collected by an entity covered under the law.
What businesses are required to comply with HIPAA laws?
All healthcare entities that electronically transmit, process, or store medical records or related information regarding any patient are known as covered entities and are required to comply with HIPAA laws. Furthermore, all healthcare providers that receive payment for services or charge for any portion of a payment relating to medical services are also considered covered entities. You can get more information on covered entities from §160.102 (Applicability) and §160.103 (Definitions) of the HIPAA Privacy Rule.
What is Protected Health Information (PHI)?
PHI is any individually identifiable health information that a covered entity stores or transmits in any format, such as electronically, on paper, or orally.
Are pictures considered part of PHI?
Yes. Pictures relating to an individual’s health record are considered to be part of PHI and must be treated in the same manner as any other type of PHI, and should thus not be disclosed.
How does HIPAA apply to professional individuals?
HIPAA protects PHI from being disclosed or used without your authorization. In addition, if you were to change jobs or switch your healthcare provider, your new employer’s health plan is required to accept you regardless of your current health status and history.
When does HIPAA require information to be encrypted?
The HIPAA laws require any information that identifies an individual to be encrypted when sent over a public network, such as the Internet.
Is a student’s health information file covered under HIPAA?
HIPAA doesn’t cover the contents of a student’s education file. Instead, those contents are covered under the Family Educational Rights and Privacy Act (FERPA). In addition, if a student signs up for student health services, that information is covered under HIPAA.
Does HIPAA cover health information stored in an employee’s human resources file?
No. HIPAA doesn’t cover any medical information stored in an employee’s personal file.
What are the penalties for failing to maintain HIPAA compliance?
Fines for noncompliance with HIPAA can range anywhere from $100 to a maximum of $1,500,000 per year and can also include up to 10 years of jail time for any intentional abuse or misuse of an individual’s health information.
Does HIPAA require consent from a patient for the use or disclosure of health information for treatment?
HIPAA permits a covered entity to use or disclose an individual’s medical information for payment, treatment, or any other healthcare-related activities and does not require the covered entity to seek consent from the individual.
When is an “authorization” for the disclosure of medical information required under HIPAA?
The Privacy Rule requires all covered entities to obtain authorization for uses or disclosures of information that is otherwise not allowed by the rule. The authorization must clearly indicate the number of elements and a description of the health information being used or disclosed.
Can an individual revoke their authorization?
Under HIPAA, an individual has the right to revoke their authorization at any given time. The revocation needs to be in writing and becomes effective as soon as the covered entity receives the notice.
Where can I get training on HIPAA compliance?
Several online training courses offer professionals all the information they need to maintain their HIPAA compliance.
For additional information regarding HIPAA, or to learn more about HIPAA laws, visit the Department of Health & Human Services.