Why is HIPAA in Healthcare Important?
HIPAA was enacted to regulate the healthcare industry. HIPAA in healthcare is particularly important to ensure the privacy and security of protected health information (PHI). HIPAA in healthcare is discussed below.
HIPAA in Healthcare: Covered Entities
HIPAA in healthcare is important for covered entities as it dictates the policies and procedures they are required to implement to adhere to the law. Policies and procedures must be created to ensure the proper uses and disclosures of protected health information (PHI).
They also dictate the protections that are required to be in place to secure PHI. To secure PHI an organization must have administrative, physical, and technical safeguards.
◈ Administrative: Include creating policies and procedures dictating the proper use and disclosure of PHI. PHI should only be used or disclosed to complete a specific job function, known as the minimum necessary standard. To ensure that this standard is met, employees must be trained annually on their organization’s policies and procedures, as well as HIPAA standards.
◈ Physical: Include securing areas that contain PHI. Physical safeguards may include installing alarm systems, locks on doors and cabinets storing patient files, CCTV cameras, etc.
◈ Technical: Include securing devices that have access to electronic protected health information (ePHI). ePHI is protected health information in electronic form. Technical safeguards may include encryption, firewalls, antivirus, multi-factor authentication (MFA), etc.
HIPAA in Healthcare: Business Associates
Business associates have an obligation to protect PHI as well. As part of the work business associates do for their covered entity clients, there’s a possibility that they will access PHI over the course of their work. As such, HIPAA in healthcare is just as important for business associates as it is for their clients. HIPAA business associates are also required to implement safeguards to ensure the confidentiality, integrity, and availability of PHI.
HIPAA in Healthcare: Patients
HIPAA was put in place to protect patients, as such HIPAA in healthcare is most important for patients. HIPAA dictates patient’s rights in regards to their protected health information. Under the HIPAA Privacy Rule, covered entities are required to provide patients with a Notice of Privacy Practices (NPP) before they are treated. An NPP informs patients on how their PHI will be used and disclosed.
The following must be contained in an NPP:
◈ The following statement, as a header, or otherwise prominently displayed: “THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.”
◈ A description of how PHI can be used for treatment, payment, and healthcare operations
◈ A description of the types of PHI uses and disclosures requiring patient authorization
◈ A description of the circumstances in which the covered entity may use or disclose PHI without written authorization
◈ The name, title, and phone number of a person or office to contact for further information or questions about the notice
◈ The date on which the notice is first in effect
◈ A statement that an individual may revoke an authorization
Patients have the the right to:
◈ Request restrictions on certain uses and disclosures of PHI
◈ Receive confidential communications of PHI, as permitted by law
◈ Inspect and copy PHI
◈ Amend PHI, as permitted by law
◈ Receive an accounting of disclosures of PHI
◈ Obtain a paper copy of the notice, upon request
◈ Complain to the covered entity and to the Secretary of Health and Human Services if an individual believes his or her privacy rights have been violated
