How does HIPAA protect personal medical records?

Patients share their private information with doctors to get appropriate treatment. Sometimes, patients are reluctant to disclose their problems in front of their doctor due to confidentiality issues. They may be hesitant because of a stigma attached to a disease or because they don’t feel comfortable sharing their private information.

Public laws can help patients share their information confidently without the fear of information breaches. This can help patients to get better treatment and participate in research for fighting various diseases and epidemics. In a nutshell, it can be beneficial for the whole society.

We are talking about HIPAA, the Health Insurance Portability and Accountability Act. In this article, we will explain how this Act helps to protect your personal medical records.

What is the purpose of HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted on August 21, 1996. The law demands the development of national standards for protecting patients’ essential and sensitive information and preventing its disclosure without the patient’s consent.

The primary purpose of HIPAA was to make the health care delivery process efficient and expand the number of Americans with health insurance coverage. These purposes were to be fulfilled through the following three provisions of the act:

  1. The portability provisions
  2. The tax provisions
  3. The administrative simplification provisions.

Portability Provisions

The portability provision of HIPAA was meant to prevent individuals from losing health care coverage for any pre-existing condition when they shift to a new employer’s health plan. It also aimed to reduce the number of individuals without health insurance and help individuals get health insurance effortlessly without their employer.

Tax Provisions

The tax provision aimed at modifying tax laws for individuals to maintain health insurance.

Administrative Simplification Provisions

Administrative Simplification Provisions directed the Department of Health and Human Services (HHS) secretary to issue regulations related to electronic transmission of health information. It aimed at mandating security standards and developing state-wise security standards for electronic health care information.

The US Department of Health and Human Services (HHS) issued a HIPAA privacy rule for implementing requirements of HIPAA. It addresses the security of people’s health information, whereas the HIPAA security rule protects the subsection of the information that is covered in the privacy rule.

HIPAA Privacy Rule

The privacy rule standards direct the use of “protected health information” by the entities subject to this privacy rule. Such entities can be individuals or organizations and are called “covered entities.”

The privacy rule also includes standards related to individual rights that help individuals understand and control their health information. The privacy rule was made to protect personal health information while permitting the smooth flow of health information needed to provide and promote quality healthcare and guard general public health and well-being. This rule allows the flow of important information to benefit individuals and society while safeguarding the privacy of the patient’s information related to disease and treatment.

Covered Entities

The following individuals or organizations are considered covered entities under the privacy rule:

Healthcare providers: Every healthcare provider that is involved in electronically transferring health information.

Health plans: Organizations that pay the medical care bills. Vision, dental, prescription drug insurers; Medicare, Medicaid, and Medicare supplement insurers; health maintenance organizations, multi-employer, employer-sponsored, government- and church-sponsored health plans are all included in health plans.

Healthcare clearinghouses: Organizations that are involved in processing nonstandard information into a standard format or vice versa.

Business associates: A person or organization that is not a member of the covered entity’s workforce and uses or discloses a person’s identifiable health information to perform or provide functions, activities, or services for the covered entity.

HIPAA Security Rule

The security rule safeguards a subset of the information that comes under the privacy rule. All the individually identifiable health information created, received, maintained, or transmitted in electronic form by covered entities comes under this subset. Such information is called “electronic protected health information” (e-PHI). Moreover, the security rule does not pertain to PHI that is transferred orally or in writing.