The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed to facilitate health insurance reform, implement standards for the transfer of health data, and protect the privacy of healthcare consumers.
PHI and Covered Entities
The HIPAA Privacy Rule regulates the use and disclosure of individually identifiable health information, called Protected Health Information (PHI), by covered entities. Health plans, health care clearinghouses, and providers who transmit health information in electronic form in connection with specified transactions are considered covered entities. The Privacy Rule protects all electronic, paper, or oral PHI that is transmitted or maintained in any form or medium by a covered entity or its business associate, but excludes certain educational and employment records. The Privacy Rule generally prohibits the use or disclosure of PHI without the written authorization of the individual. There are instances when disclosure of information can occur without written authorization from the individual. Disclosures required by law and certain public health concerns are two areas where individual authorization may not be required.
The Privacy Rule gives individuals certain rights with respect to their health information, including, but not limited to, the right to inspect and request corrections or amendments to their PHI. The Privacy Rule requires covered entities to notify individuals of their privacy rights and how their PHI will be used and disclosed.
Civil and Criminal Penalties
The passing of the “American Recovery and Reinvestment Act of 2009” (ARRA) in 2009 established a tiered civil and criminal penalty structure for violations of HIPAA. Your practice is liable whether you knowingly or unknowingly violate these guidelines. As of spring 2011, state attorneys general have been instructed and trained to understand these violations and to enforce legal action.
For a healthcare provider, maintaining the security of patient information and medical records, referred to as PHI, is vital. You must prevent unauthorized access from the internet and from users of your system. Failure to do so can result in civil and criminal penalties. Flexible Systems understands the HIPAA requirements and will make sure that systems are properly secured. We can offer an in-house audit of your current system and suggest changes that will increase your compliance with HIPAA guidelines.