Description: HIPAA defines ‘Protected Health Information’as any information pertaining to the health status of individual
Simple understanding of the HIPAA Privacy Rule
HIPAA Privacy Rule is one of the five rules formulated for administrative simplification. Administrative simplification is addressed in Title II of Health Insurance Portability and Accountability Act, or HIPAA. Along with administrative simplification, the Title II of HIPAA through the major five rules aims at defining offenses related to healthcare, has programs in place to prevent fraud or abuse of the healthcare system and sets penalties for such offenses. This is very evident in the Privacy Rule regulations.
The Privacy Rule applies to the entities called as ‘covered entities’ by HIPAA. Theseconsist of all the entities involved in the healthcare system like the health insurance companies, community health information system, medical providers, healthcare billing services, healthcare clearing houses, healthcare claims administrators, and any big or small healthcare facilities.
Essence of Privacy Rule
HIPAA defines ‘Protected Health Information’ (PHI) as any information pertaining to the health status of individual, healthcare provisions and the payments made for such provisions of healthcare that can be linked to an individual. The Privacy Rule in essence regulates the use or disclosure of protected health information by the covered entities.
Rights of the individual to whom the PHI pertains
- The PHI must be disclosed to the individual it is pertaining to if the individual requests for the same
- The individual has the right to request for correction of inaccurate information
- The individual should be notified if the PHI is shared with other covered entities.
- The individual can specify the modalities of communication and it should be adhered to in order to protect confidentiality.
Regulations for the covered entities
- The PHI must be disclosed to the law when required to do so by law. For example, when reporting child abuse or domestic violence to the child welfare agencies, the PHI may be required to be disclosed.
- Reasonable steps must be taken to ensure confidentiality while communicating about the PHI
- PHI may be disclosed for the purposes of further provision of treatment or payment, only to the extent necessary.
- PHI may be disclosed after an authorization by the individual to covered entities
- The covered entities must hire privacy official and a contact person for receiving complaints regarding violation of Privacy Rules
- 6. The workforce must be trained on PHI related communications.