Since the Health Insurance Portability and Accountability Act (HIPAA) was introduced in the U.S., it has become one of the most important parts of security and privacy efforts. This federal law lays out many requirements and specifications for covered entities to provide a safe environment for patient data, offering a multi-dimensional set of security provisions and data privacy requirements.
In protecting an individual’s health care data and information, the HIPAA Privacy Rule is an important factor for healthcare organizations in achieving and maintaining HIPAA compliance.
What Is The HIPAA Privacy Rule?
According to the HIPAA Privacy Rule, all health care agencies, covered entities, and business associates must protect the personal health information of the individuals to which they have access, including identity information as well as confidential health information.
The HIPAA Privacy Rule came into existence in 2002 and was implemented to protect the confidentiality of patients’ protected health information (PHI) without obstructing the flow of information necessary to provide optimal treatment. According to this law, individuals have the right to access their health care data; they can ask to examine the data and can even ask for changes to it if needed. These individuals must know with whom their data is being shared and disclosed. If there is any breach of this data, covered entities must inform the individual within 60 days after the data is leaked.
HIPAA privacy laws apply to any business associates and covered entities that have any degree of access to healthcare information about an individual. Thus, other entities subject to HIPAA privacy laws include the following:
- Employers that provide in-house healthcare plans
- Health insurers
- Healthcare clearinghouses
Basically, anyone that has access to an individual’s PHI must comply with all HIPAA privacy rules.
What Type Of Information Is Protected By HIPAA Privacy Laws?
Any information (PHI) that serves to expose a patient’s identity is protected by the HIPAA Privacy Rule. Information that exposes an individual’s information in the following ways is protected by the privacy law.
- Any form of information about the patient’s past or present physical or mental health condition, or any medical tests to be taken in the future.
- Health care treatment and services provided to the individual.
- Any financial transaction made by an individual for their health care in the past, present, or future.
The following information is protected under HIPAA law:
- Addresses (including subdivisions smaller than a state, such as street, city, county, and zip code)
- Dates (except years) directly related to an individual, such as birthdays, admission/discharge dates, death dates, and exact ages of individuals older than 89
- Telephone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate and license numbers
- Vehicle identifiers
- Device identifiers and serial numbers
- Website URLs
- IP addresses
- Biometric identifiers, including fingerprints, voice prints, iris and retina scans
- Full-face photos and other photos that could allow a patient to be identified
- Any other unique identifying numbers, characteristics, or codes