Frequently Asked Questions About Privacy
What is HIPAA?
HIPAA is an acronym for the Health Insurance Portability and Accountability Act
of 1996. Portability refers to the section that provides for the waiver of
pre-existing conditions when persons who are covered under a group policy with
their current employer move to a new employer. HIPAA portability provisions
limit the ability of group health plans to exclude coverage of pre-existing
conditions and prohibit the exclusion of individuals from coverage based on
health status.
As a part of the legislation, Congress incorporated a section called
“Administrative Simplification”. This section of the law includes:
- Standardization of electronic formats for transmission of nine
transactions including claims, eligibility, referral certification and
authorization, claim status, enrollment, claim payment and remittance
advice, and premium payments.
- Security of electronic health information and electronic signatures.
- Privacy of member's identifiable information.
What is the difference between privacy and security of member information?
Security is defined as the ability to control access and protect information
from accidental or intentional disclosures to unauthorized persons and from
alteration, destruction, or loss. Security is typically accomplished through
some kind of technical control. Privacy is defined as controlling who is
authorized to access member information and under what circumstances member
information may be accessed, used, and/or disclosed to third parties.
Who is covered by the HIPAA Privacy and Security Rules?
Health care providers that transmit claims electronically, health plans, and
health care clearinghouses.
Is all member information protected?
With a couple of exceptions, protected health information (PHI) includes all
individually identifiable health information that is transmitted or maintained
in any form or medium. Broadly defined, PHI is any member information, including
demographic information, that ties the identity of the individual to their
health record. Examples are names, addresses, all date (except year) elements
related to the individual, telephone numbers, fax numbers, e-mail addresses,
license numbers, etc. If it can possibly be used to identify an individual, the
element is considered protected.
What is the Privacy Rule?
The Privacy Rule creates national standards to protect individuals' medical
records and other personal health information. Specifically, it:
- Gives members more control over their health information.
- Sets boundaries on the use and release of health information.
- Establishes appropriate safeguards that health care providers and others
must achieve to protect the privacy of health information.
- Holds violators accountable with civil and criminal penalties that can be
imposed if they violate members' privacy rights, and
- Strikes a balance when public responsibility requires disclosure of some
forms of data - for example, to protect public health.
For members, it:
- Enables members to find out how their information may be used and what
disclosures of their information have been made. In most cases, it requires
specific member consent or authorization to use or disclose their protected
health information.
- Generally limits release of information to the minimum reasonably needed
for the purpose of disclosure, and
- Gives members the right to examine and obtain a copy of their own health
records and request corrections.
Can an individual sue if his or her privacy is violated?
No. HIPAA does not create a federal right to sue for violations of the Act.
Individual complaints are filed with the Office of Civil Rights (OCR). It is
this federal agency that will investigate claims that member protections have
been violated.