Learn About HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was formulated by the US Congress in 1996. It was implemented in 2003. With HIPAA, Congress modified the privacy and disclosure guidelines set by the US Department of Health and Human Services (DHHS). It is hardly surprising that the law has garnered much interest among the medical fraternity and consumers.
As per the guidelines of the HIPAA law, certain individually identifiable health data, commonly referred to as protected health information (PHI), is treated as confidential. Without an individual's consent, it can be disclosed only to authorized health officials who may require it for preventing or controlling disease, injuries, or disabilities, or for the purpose of health surveillance.
There are other instances where compliance with HIPAA laws varies across scenarios, such as when claiming insurance coverage, furnishing records for employment purposes, applying for government benefits, or during an investigation of health and safety standards at the workplace. In these cases, HIPAA rules are relaxed and medical records are disclosed.
As per the guidelines of the HIPAA law, these agencies and entities have access to your medical records: insurance companies, government agencies, the central repository maintained by the Medical Information Bureau (MIB), the databases at IntelliScript and MedPoint, and your employers. In some cases, your medical records may also be subpoenaed for court cases involving litigation, workers’ compensation hearings, or an administrative hearing.
Law enforcement officials are also entitled to receive protected health information during investigations of incidents like stabbings, gunshot wounds, or abuse.
HIPAA laws also encompass a patient’s right to access his own medical records.
HIPAA can be broadly classified into several constituent laws.
The Office for Civil Rights is the custodian of the constituent HIPAA Privacy Rule, which governs the privacy and disclosure terms and conditions of individually identifiable health information. The HIPAA Security Rule delineates the national security measures for safeguarding electronic protected health information.
These HIPAA laws are applicable to medical records that are electronically held by health care providers, health clearinghouses, and health plans. These organizations are collectively known as “covered entities.” Medical records that lie outside the ambit of the health care facilities and plans are not covered by HIPAA. HIPAA laws also do not cover those parts of medical records dealing with financial information, employment records, and educational data.
The significance of HIPAA's rules on medical records has increased manifold with the widespread use of electronically documented and archived medical records. The use of computers has meant that a larger number of people can now have access to the medical records of individuals.
HIPAA Compliance vs. Disclosure of Public Records
If a state agency is a “covered entity,” it has to adhere to the guidelines laid down by the HIPAA law. That is, if a covered entity is required by state law to safeguard protected health information, it can, under the HIPAA Privacy Rule, disclose the information for specified purposes only.
A state agency that is not a “covered entity” is not required to comply with HIPAA laws. The agency may then choose to disclose medical records as per the dictates of the state public records laws.