HIPAA compliance is crucial in the healthcare industry, but understanding all of the rules and regulations can be a challenge. Let’s start with the basics!
HIPAA is an acronym for the “Health Insurance Portability and Accountability Act.” It was enacted in 1996 in an effort to modernize the healthcare industry and to protect patients, doctors, insurance companies, and almost any other group or person connected to the healthcare industry.
There are three main objectives that HIPAA accomplishes.
- HIPAA ensures people have health insurance in between jobs.
- It standardizes electronic billing practices.
- HIPAA provides rules and regulations for handling protected health information. This is the objective that most people think about when they hear the term, “HIPAA.”
In this article, we will focus on the third objective – handling protected health information (PHI). So what exactly is PHI?
For the purposes of HIPAA, PHI is defined as “information that when used alone or combined with other data points can be used to reasonably identify a person.” There are 18 data points that can individually or uniquely identify a person, and all of them fall under protected health information.
Other important terms to understand are:
- Standards – These are the safeguards that HIPAA expects to be in place.
- Implementation specifications – These are the required steps (or procedures) to implement the standards and safeguards.
- Safeguards – Required controls to protect personally identifiable health information; in other words, security and privacy objectives. The Security Rule is broken up into three safeguards: Administrative, Physical and Technical.
- Business Associate – A third-party vendor, contractor, or consultant that will receive, create, access, transmit or store protected health information.
There are three main rules in HIPAA governing the use and disclosure of PHI, the securing of electronic PHI, and the reporting of breaches. They are the Privacy Rule, the Security Rule and the Breach Notification Rule. The Privacy and Breach Notification Rules govern PHI in any medium: written, spoken, electronic, and so on. The Security Rule is concerned only with electronic PHI. Each of these main rules is covered in depth within this video series.
The HIPAA Basics video series is designed for Compliance Officers, HIPAA Compliance Officers (Privacy and Security), and employees of organizations that are required to comply with HIPAA, including Covered Entities and Business Associates. HIPAA Basics provides an overview of the basic principles in HIPAA, HITECH and Omnibus.
Enjoy a 1-minute preview of “HIPAA: Introduction” below: