The Health Insurance Portability and Accountability Act of 1996
In 1996, Congress passed the Health Insurance Portability and Accountability Act in response to pre-existing condition provisions, fraud in the healthcare delivery system and concerns over information privacy. The rules promulgated under the Act's authority specify numerous standards, including those for information privacy and security, which are intended to achieve administrative simplification and facilitate greater protection of patient information.
Privacy & Security
The Final Privacy Rule and the recently promulgated modifications set forth specifications pertaining to the privacy of individually identifiable health information (IIHI). The Rule requires Business Associate Agreements between covered entities (healthcare providers, health plans, etc., and third parties with access to patient information, under certain circumstances. Further, the Rule addresses Notices of Privacy Practices and Authorizations-their substance and their use- and grants patients the right to access their health information, request amendments, and obtain disclosures regarding entities requesting and receiving their health information.
Other aspects of the Privacy Rule include documentation of privacy policies and practices, Privacy Officer positions within each covered entity's work force and Minimum Necessary requirements, which, in many instances, limit disclosure of protected information to only that which is necessary to carry out the function for which the information is requested. With the strides in information management technology and healthcare delivery, concerns over the availability, integrity and confidentiality of information continue to grow. Accordingly, the proposed Security Standard specifies administrative, physical and technical requirements for use in the maintenance and/or transmission of electronic health information. Like the Privacy Rule, the Proposed Security Rule requires Chain of Trust Agreements where protected health information is used by, or disclosed to, certain third parties. Existing agreements between covered entities and third parties will have to be evaluated to ensure that covered entities remain compliant with HIPAA regulations.
Important Link to Frequently Asked Questions About the HIPAA Privacy Rule: