What Is HIPAA And How Does It Apply To You?

What is HIPAA? And how does it affect you? In this blog, we examine what this federal law is, the history behind it, and what you should know when it comes to protecting your private health information. Keep reading below to find out more!

The History Of HIPAA

HIPAA, an acronym for the Health Insurance Portability and Accountability Act of 1996, was enacted as a congressional attempt at healthcare reform, to protect health insurance coverage for workers and their families in case of job loss and to require health insurance companies to cover any pre-existing conditions. Once passed, the act focused on five key areas: protecting health insurance coverage; improving access to healthcare; reducing healthcare fraud and abuse; reducing healthcare administrative costs; and improving healthcare in general, to minimize imparity in healthcare and notify patients if their health information has been breached.

The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule standards to implement HIPAA requirements. These Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. These individuals and organizations are called “covered entities.”

Who Needs To Sign A HIPAA Agreement?

1) Individual healthcare providers (like physicians, nurses, pharmacists)

2) Institutional providers (such as hospitals and health systems)

3) Human subjects researchers working with PHI

4) Covered entities and business associates providing services such as claims processing, data analysis, utilization review, and billing

5) Healthcare clearinghouses

6) Service providers (such as Boston Technology Corporation) who develop and manage applications with protected information, as well as the cloud infrastructures these apps are hosted on

What Is Protected By HIPAA?

The most important thing protected by HIPAA is your private health information (PHI). This includes any health information created or received by a health care provider relating to the past, present or future physical or mental health conditions of an individual, the provision of healthcare to an individual, or payment for healthcare by an individual. Note also that PHI includes healthcare data transmitted in any form or medium, whether paper, electronic or verbal.

So, what are a few examples of PHI? Examples include medical records and research data files, research data sets, lab work such as blood tests, hospital bills, MRI scan data, clinical or research appointment schedules, and more.

HIPAA Amendments

The US Congress amended HIPAA law in 2009 by incorporating the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH). According to the HIPAA Journal, “The HITECH Act encourages healthcare providers to adopt electronic health records (EHR) to improve privacy and security protections for healthcare data. This was achieved through financial incentives for adopting EHRs and increased penalties for violations of the HIPAA Privacy and Security Rules.”

Through this act, the “Meaningful Use” program was created to incentivize care providers to adopt certified EHRs and their functions, such as electronic prescribing, immunization registry reporting, and clinical data registry reporting.

So, how does this act affect you as a patient? This amendment addresses the privacy and security concerns associated with the electronic transmission of your health information, to protect patients from data breaches involving their private health information.

How Has BTC Addressed HIPAA & HITECH?

As recently as September 14, many Boston Technology Corporation tech team members participated in a HIPAA compliance certification training to learn more about privacy, confidentiality, HIPAA security awareness protocols, breach consequences, breach notification rules, risk mitigation, and potential correction plans. In addition to the topics listed above, the BTC team learned about the authorized uses and disclosures of PHI, how to request a disclosure of PHI, what an incident response policy looks like, new concepts in terms of patient rights, and the consequences for non-compliance with the law.
