Global HealthcareHealth ReformHome HealthMedical EducationMedical EthicsMedical RecordsNewsPolicy & LawPublic Health

HIPAA Basics For Licensed Health Care Professionals: Privacy, Security, and Breach Notification Rules

Jennifer Warren
Jennifer Warren
5 Min Read

The Department of Health and Human Services (HHS) recently issued a Health Insurance Portability and Accountability Act (HIPAA) fact sheet for health care professionals and organizations.

The Department of Health and Human Services (HHS) recently issued a Health Insurance Portability and Accountability Act (HIPAA) fact sheet for health care professionals and organizations.

The overview is titled “HIPAA Basics for Providers: Privacy, Security and Breach Notification Rules” and is intended to provide HIPAA covered entities such as physicians, health care facilities and other licenced health care professionals with a basic overview of HIPAA’s rules and responsibilities. Click here to view the HIPAA fact sheet.

 

More Read

Federal Government and HealthCare: Disparities and Delays
Study on How “Jail Breaker” Cancer Cells Escape Tumors and Spread Through the Body
Are Some Patients More at Risk of Medical Malpractice Than Others?
Specialty EMR Company Lands $14M to Take on New Markets
Avoiding Meaningful Use Penalties

HIPAA Privacy Rule.

The privacy rule is established as a standard for the protection of protected health information (PHI) by covered entities. It gives patients vital rights with respect to their health information. The following is protected information under this rule:

1. The individual’s past, present or future physical or mental health or condition;

2. The provision of health care to the individual; or

3. The past, present or future payment for the provision of health care to the individual.

PHI also includes common identifiers, such as name, address, birth date and Social Security Number.

 

HIPAA Security Rule.

This rule specifies safeguards that covered entities are required to implement to protect the confidentiality, integrity and availability of health information. To properly enforce this rule, covered entities must develop policies and procedures to protect the security of electronic protected health information (ePHI). This includes analyzing risks and creating solutions that are appropriate for the situation. For more information from HHS on the implementation of the security standards, click here.

 

HIPAA Breach Notification Rule.

Affected individuals, HHS and in certain cases, the media are required to be notified of a breach of PHI. The rule includes the following guidelines:

1. Most notifications must be provided without unreasonable delay and no later than 60 days following the discovery of the breach.

2. Smaller breaches affecting fewer than 500 individuals may be submitted to HHS in a log or other documentation annually.

3. Business associates of covered entities are also required to notify the covered entity of breaches.

To view the breach notification timelines included in the HIPAA fact sheet, click here.

 

Who is Required to Comply With HIPAA Rules?

The following covered entities must follow HIPAA standards and requirements:

1. Covered Health Care Providers: Any provider of medical or other health care services or supplies who transmits any health information in electronic form in connection with a transaction for which HHS has adopted a standard. This includes doctors, chiropractors, dentists, pharmacies, psychologists, clinics and nursing homes.

2. Health Plans: Any individual or group plan that provides or pays the cost of health care. This includes company health plans, government programs for health care such as Medicaid and Medicare, along with the military and health insurance companies.

3. Health Care Clearinghouses: A public or private entity that processes another entity’s health care transactions from a standard format to a non-standard format or vice versa. This includes billing services, community health management information systems, repricing companies and value-added networks.

4. Business Associates: Provide services to covered entities and are extensions of the previous entities listed, including legal services, billing, financial services and accreditation.

 

Enforcement and Repercussions.

The HHS Office for Civil Rights enforces the HIPAA Privacy, Security and Breach Notification Rules. Violation of these rules may result in civil and in some cases criminal penalties. HIPAA violations can also lead to Medicare exclusion which is often a death sentence for a health care provider. To read a previous blog I wrote on the penalties of HIPAA violations, including a chart outlining the penalty structure, click here.

 

 

Sources:

Hamlet, Julie. “HHS ISSUES HIPAA “BASICS” FACT SHEET”. Foster Swift. (September 2, 2015). Web

Department of Health and Human Services. “HIPAA Basics for Providers: Privacy, Security and Breach Notification Rules”. (May, 2015). Web

TAGGED:
Share This Article
By Jennifer Warren
This is Jennifer Warren, staff writer at GoodFirms – a review and research platform for top ecommerce development companies, blockchain development companies among many others. A bookworm at heart, I have successfully guest blogged for top sites such as Crazyegg, Semrush, Searchenginepeople, Sitepronews, Volusion.com, Socialnomics, jeffbullas, mediapost among others.

Stay Connected

Latest News

women dental care
What Is a Smile Makeover and How Much Does It Cost?
Dental health
HIPAA-Compliant Messaging Apps
Top HIPAA-Compliant Messaging Apps for Healthcare Teams
Global Healthcare Policy & Law Technology
recovering from injury
Rebuilding After Injury: Path to Physical and Emotional Recovery
News
scientist using microscope
When Healthcare Ends, the Legal Process Begins: What Families Should Know About Probate and Medical Estates
Global Healthcare

You Might also Like