What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act. It was passed in 1996 and mandates standards throughout the healthcare industry for electronic billing and other processes. It also gives people the ability to transfer and continue health insurance coverage when they change jobs or are terminated. This helps reduce abuse and health care fraud, and requires protection and confidentiality when handling protected health information (PHI).

Who is HIPAA for?

HIPAA was designed for patients and ensures that health plans, healthcare providers, clearinghouses and business associates of any HIPAA-covered entities implement safeguards to protect sensitive personal and health information. This law prevents group health plans from refusing to cover people with pre-existing diseases or conditions and prevents them from setting limits on lifetime coverage.

Designed to be flexible yet comprehensive, it covers a variety of uses and disclosures that are needed. All covered entities under the rule are required to comply.

What is a covered entity?

Covered entities are defined as health plans, healthcare clearinghouses and healthcare providers that electronically transmit health information through transactions.

  • Healthcare providers

This includes physicians, nurse practitioners, dentists, nursing homes, chiropractors, pharmacies, psychologists and other licensed healthcare professionals or facilities.

  • Health plans

This includes company health plans, health insurance organizations, HMOs, veteran and military care programs, Medicare, Medicaid and government programs.

  • Clearinghouses

Any entity that processes nonstandard health information it receives from another entity qualifies under this rule. This includes standard electronic format or data content.

Covered entities can apply for “meaningful use” to collect government incentives for adopting an EMR. There are certain regulatory requirements for covered entities:

  1. The HIPAA Privacy Rule, which sets the standards for the use of PHI and patients’ rights to access their healthcare data.
  2. The HIPAA Security Rule, which sets the standards for electronic transmission, storage and use of PHI. This includes computer and network access to PHI.
  3. The HIPAA Breach Notification Rule, which sets the standards for procedures and reporting that all covered entities must complete if there is a data breach.