HIPAA stands to Health Insurance Portability and Accountability Act. People often refer to HIPAA but not the original Act. They are referring to the Privacy Rule, which was created as a result of HIPAA. It is a Notice of Health Information Practices.
The official summary of HIPAA Privacy Rule by the United States Department of Health & Human Services is 25 pages long. This is just a brief overview of key elements. As you can see, it covers quite a lot. Here is a brief overview of the Privacy Rule.
The Privacy Rule was established in 1996 to protect individuals’ health information. These guidelines ensure that individuals’ health records are secure while allowing necessary information to be made public in order to provide health care and protect the public’s well-being. This means that not everyone can view a person’s medical records. However, if you wish someone, such as a doctor, to have access to your records, you can sign an authorization granting them access.
What is your health information? And where did it come from? Health plans, health care clearinghouses, or health care providers can hold or transmit your health information. These entities are called covered entities according to the rule.
These guidelines are also applicable to business associates of health plans, health-care clearinghouses, or health care providers. These entities offer financial, legal, actuarial and accounting services.
What is a Privacy Notice?
- Information collected by your health plan.
- Description of the information in your health record.
- This summary will give you a brief overview of your rights regarding health information.
- The group health plan’s responsibilities.
Let’s take a look at each one individually:
Information Collected by Your Health Plan
To provide benefits, the group healthcare plan gathers the following information:
You provide information to the plan to enroll, including personal information like your address, telephone number and date of birth.
Information about account balances and plan contributions.
You are/have been enrolled in the plans.
Information about your health that you have received from your doctors or other healthcare providers.
Information about your health, including diagnosis and payment information.
Changes in plan enrollment (e.g. adding or dropping participants, or adding or subtracting benefits.)
Benefits of the plan are paid.
Medical management or case.
We may need additional information to be able to offer you health benefits.
Understanding Your Health Record/Information:
A record is kept of every visit to a hospital, doctor, or other healthcare provider. This record usually contains your symptoms, test results, diagnosis, treatment and a plan of future care.
This information is often called your medical or health record. It serves as a:
Base for planning your care.
Communication between the various health professionals involved in your care.
Document that describes the care received.
This is how you, or a third party payer, can verify that the services actually were provided.
Tool in educating health professionals.
Source of data to support medical research.
Information source for public health officials responsible for improving the nation’s health.
Source of data to support facility marketing and planning.
The plan sponsor can use this tool to assess the benefits of the group health plan and then work with the company to improve them. You can understand what information is in your records and how it is used to help you:
Assure its accuracy.
You can better understand who, what and when others might access your health information.
When authorizing disclosure to other people, make more informed decisions
Your Health Information Rights
Your health record is not the property of the plan or the healthcare practitioner who compiled it. However, you own the information. You have the right:
Ask for a restriction on other permitted uses and disclosures.
You can request a paper copy this notice of information practices, even if the electronic version was agreed to by you.
You can inspect your medical records and request a copy by writing to the privacy officer of your plan.
You can request the amendment of your health record from the plan privacy officer by writing.
You can request a written account of all disclosures of your personal health information in the past six years from the plan privacy officer.
You can request communications regarding your health information via alternative methods or locations.
You can revoke your authorization to use and disclose health information, except where action has been already taken.
Group Health Plan Responsibilities:
You will need a group healthcare plan to:
Protect your privacy.
This notice will inform you about the planaEUR(TM), its legal responsibilities and privacy practices in relation to any information collected or maintained about you.
Respect the terms of this notice.
If the plan cannot agree to a restriction, we will notify you.
Accept reasonable requests to communicate your health information using alternative methods or in alternative locations. Your personal information will be restricted to the people who are required to access it to administer the plan and its benefits. To protect your personal data, the plan will use all available physical, electronic and procedural safeguards in accordance with federal regulations. Individuals who have access to plan information must comply with the privacy standards.
As required by law, protect and secure confidential financial and health information. Your confidential health information will not be used or disclosed by the plan without your consent for treatment, payment, and/or healthcare operations. Your confidential health information will be disclosed to the plan sponsor only for administration purposes.
Limit participant healthcare information collection, disclosure, or use to the extent necessary to administer the plan.
Only authorized, trained personnel should have access to confidential information.
Other items may also be addressed:
Communication with loved ones. The plan provisions allow the company to disclose health information to employees’ family members, guardians, and any other person identified by the company, in order to assist them with obtaining or paying for healthcare benefits.
Business associates. Business associates can provide certain services to the plan. These include attorneys, accountants, actuaries and medical consultants. In order to allow them to complete the task we have assigned, it might be necessary for us to share your health information with our business associates. The company will ask business associates to protect employees’ health information.
Benefit coordination. The plan can disclose health information when authorized by the plan and as necessary to comply with benefit coordination.
Workers’ compensation. The plan can disclose health information in accordance with workers compensation laws.
Law enforcement. Law enforcement. The plan can disclose health information to law enforcement as required by law, or in response a valid subpoena.
Business sale. Medical information may be released if the business of the plan sponsor is sold. The plan reserves all rights to modify its policies and make the new provisions applicable to any protected health information it holds. If the company’s information practices are changed, it will send a revised notice at the address provided by each employee.