Many people believe that the Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, focuses only on keeping your medical information private. Much of that belief comes from new privacy agreements that were required at healthcare facilities after the law was passed. Actually, HIPAA provides several different protections for consumers in relation to their healthcare.
What is HIPAA?
HIPAA is the legislation that requires your employer to continue health care coverage for you and your family should you become unemployed. In addition, the legislation is designed to reduce healthcare fraud and abuse as well as require healthcare agencies to keep your medical information confidential. The law also mandates standards for electronic billing and other processes related to health care information.
The Privacy Rule under HIPAA provides you with safeguards designed to keep your medical information private. The law sets rules and requirements regarding how your medical information can be used and who it may be disclosed to without your authorization. Patients are provided rights over their information, including the right to review the information and obtain copies from medical providers. They also have the right to request corrections if errors are discovered in their medical records.
Today, most medical records are stored electronically and HIPAA provides security features designed to keep the information stored in that manner private. Healthcare providers are required to implement administrative, physical and technical safeguards to be sure the integrity, confidentiality and security of all medical records are protected. Healthcare information technology companies now offer many different health data storage programs designed to keep the information they store for healthcare professionals safe and secure.
Breach Notification Rule
If your medical information is compromised due to a security breach, HIPAA requires that you be notified of that breach. A breach occurs when medical information is obtained in a manner that is not permitted under the law. If a breach is suspected, it is the responsibility of the business where the breach occurred to demonstrate that the breach resulted in a low probability of compromised health information. The business must then notify victims of the breach whose medical records were compromised, the media, and the Secretary of Health and Human Services.
Transaction and Code Standards
In addition to these protections, HIPAA set standards for transactions and codes used to transfer healthcare information. If a healthcare agency engages in a transaction covered by HIPAA, they must comply with the standard. These standards cover claims, encounter information, payments and the status of the claim. Healthcare providers who engage in these transactions must also agree to abide by the HIPAA Privacy Rule.
If you believe a healthcare provider or other entity has violated HIPAA regulations, you may file a complaint with the Office for Civil Rights (OCR). Those covered by HIPAA legislation include:
- Health plans
- Healthcare clearinghouses
- Healthcare providers who conduct business electronically
In order to file a complaint, you may submit the information in writing, electronically through the OCR Complaint Portal or by mail, fax or email. You must name the entity or business associate involved and describe how you believe they violated HIPAA. The complaint must be filed within 180 days of when you knew the violation occurred. If you can show good cause as to why you did not report the matter within 180 days, you may be able to extend the deadline. HIPAA prohibits retaliation for filing a complaint and you should notify OCR immediately if retaliation occurs.
HIPAA provides many protections for you as a consumer. Companies who store and transmit your medical information must take steps to protect that data under federal legislation.