This is the first in a series exploring HIPAA and its impact on medical practice and compliance, patients’ rights, business and related topics. If you have a question about HIPAA and your business, please let us know.
HIPAA stands for the Health Insurance Portability and Accountability Act, passed by Congress and signed into law in 1996. HIPAA is designed to help protect American workers and their families with continued health insurance coverage and establish industry-wide guidelines to protect the confidential use of personal healthcare information.
HIPAA is comprised of two different parts, Title I and Title II. Each part addresses a specific area of health insurance reform. Here’s a brief overview of what each Title comprises:
Title I: Portability
Under this rule, employees and their families can enroll for health insurance coverage when they lose their job, get married or add a new dependent. According to the U.S. Department of Labor Employee Benefits Security Administration, the law prohibits “discrimination in enrollment and in premiums charged to employees and their dependents based on health status-related factors.”
Health insurance plans are not permitted to create eligibility rules based on a person’s health status, medical history, genetic information or disability. There are also limits on restrictions a group health plan can impose on benefits for pre-existing medical conditions.
Individual health plans cannot deny coverage or impose pre-existing condition exclusions on people who have had at least 18 months’ group coverage (with no significant breaks) and who are not eligible to be covered under any federal, state or group health plans at the time they seek individual insurance.
Title II: Administrative Simplification
Title II establishes a set of standards covering the use of healthcare information, including how such information is received, transmitted and maintained. It’s designed to guarantee the privacy and security of every individual’s healthcare and health status information.
Under Title II, strict privacy rules protect any individual health information that is transmitted and maintained in any form or medium. These rules specifically address the daily business operations of any organization that offers medical care and maintains personal health information.
A patient’s information can be shared with family members or others directly involved in that patient’s care. Physicians are not permitted to share health information with employers, nor can this information be used for advertising or marketing purposes without a person’s written consent.
What’s less commonly understood is that HIPAA does not protect the privacy of your information held by all organizations. This may include health insurance companies and workers’ compensation carriers. State agencies, municipal offices and law enforcement agencies are also exempt.
As part of HIPAA’s electronic data requirements, medical practitioners and the healthcare industry in general have been working to transfer all patient information from manual to electronic systems. The objective is to dramatically reduce the costs of paperwork, lessen the patient information error rate and enhance patient security.
For more detailed information about HIPAA, visit the “Health Information Privacy Page” at the U.S. Department of Health and Human Services – or if your practice is seeking a solution, simply contact Michael Rosenthal, our Compliance Liason, at email@example.com.