HIPAA stands for Health Insurance Portability and Accountability
Act. When I hear people talking about HIPAA, they are usually not
talking about the original Act. They are talking about the Privacy Rule
that was issued as a result of the HIPAA in the form of a Notice of
Health Information Practices.
The United States Department of
Health & Human Services official Summary of the HIPAA Privacy Rule
is 25 pages long, and that is just a summary of the key elements. So as
you can imagine, it covers a lot of ground. What I would like to offer
you here is a summary of the basics of the Privacy Rule.
When it
was enacted in 1996, the Privacy Rule established guidelines for the
protection of individuals’s health information. The guidelines are
written such that they make sure that an individual’s health records are
protected while at the same time allowing needed information to be
released in the course of providing health care and protecting the
public’s health and well being. In other words, not just anyone can see a
person’s health records. But, if you want someone such as a health
provider to see your records, you can sign a release giving them access
to your records.
So just what is your health information and where
does it come from? Your health information is held or transmitted by
health plans, health care clearinghouses, and health care providers.
These are called covered entities in the wording of the rule.
These
guidelines also apply to what are called business associates of any
health plans, health care clearinghouses, and health care providers.
Business associates are those entities that offer legal, actuarial,
accounting, consulting, data aggregation, management, administrative,
accreditation, or financial services.
So, what does a typical Privacy Notice include?
- The type of information collected by your health plan.
- A description of what your health record/information includes.
- A summary of your health information rights.
- The responsibilities of the group health plan.
Let’s look at these one at a time:
Information Collected by Your Health Plan:
The group healthcare plan collects the following types of information in order to provide benefits:
Information
that you provide to the plan to enroll in the plan, including personal
information such as your address, telephone number, date of birth, and
Social Security number.
Plan contributions and account balance information.
The fact that you are or have been enrolled in the plans.
Health-related information received from any of your physicians or other healthcare providers.
Information regarding your health status, including diagnosis and claims payment information.
Changes in plan enrollment (e.g., adding a participant or dropping a participant, adding or dropping a benefit.)
Payment of plan benefits.
Claims adjudication.
Case or medical management.
Other information about you that is necessary for us to provide you with health benefits.
Understanding Your Health Record/Information:
Each
time you visit a hospital, physician, or other healthcare provider, a
record of your visit is made. Typically, this record contains your
symptoms, examination and test results, diagnoses, treatment, and a plan
for future care or treatment.
This information, often referred to as your health or medical record, serves as a:
Basis for planning your care and treatment.
Means of communication among the many health professionals who contribute to your care.
Legal document describing the care you received.
Means by which you or a third-party payer can verify that services billed were actually provided.
Tool in educating health professionals.
Source of data for medical research.
Source of information for public health officials charged with improving the health of the nation.
Source of data for facility planning and marketing.
Tool
with which the plan sponsor can assess and continually work to improve
the benefits offered by the group healthcare plan. Understanding what is
in your record and how your health information is used helps you to:
Ensure its accuracy.
Better understand who, what, when, where, and why others may access your health information.
Make more informed decisions when authorizing disclosure to others.
Your Health Information Rights:
Although
your health record is the physical property of the plan, the healthcare
practitioner, or the facility that compiled it, the information belongs
to you. You have the right to:
Request a restriction on otherwise
permitted uses and disclosures of your information for treatment,
payment, and healthcare operations purposes and disclosures to family
members for care purposes.
Obtain a paper copy of this notice of
information practices upon request, even if you agreed to receive the
notice electronically.
Inspect and obtain a copy of your health records by making a written request to the plan privacy officer.
Amend your health record by making a written request to the plan privacy officer that includes a reason to support the request.
Obtain
an accounting of disclosures of your health information made during the
previous six years by making a written request to the plan privacy
officer.
Request communications of your health information by alternative means or at alternative locations.
Revoke your authorization to use or disclose health information except to the extent that action has already been taken.
Group Health Plan Responsibilities:
The group healthcare plan is required to:
Maintain the privacy of your health information.
Provide
you with this notice as to the plan