The Health Insurance Portability and Accountability Act (HIPAA) was first introduced in 1996 by the U.S. Congress. The main focus of this act was to enhance the efficiency of the U.S. health care system. Later, in 2002, the HIPAA Privacy Rule came into existence with the goal of protecting the confidentiality of patients and their healthcare information while enabling the flow of patient healthcare information when it is needed.
The HIPAA Privacy Rule regulates who can have access to Protected Health Information (PHI).
HIPAA has established national codes and specifications under the Privacy Rule to protect and secure the health care data and other personal information of an individual. The Privacy Rule places conditions on the uses and disclosures of this data, and any health care organization must inform the owner before sharing it with other parties. The Privacy Rule also gives individuals the right to examine and obtain a copy of their health records and to request corrections.
The main purpose of the Privacy Rule in HIPAA compliance is to provide security, privacy, and confidentiality for the patient’s health information while allowing the flow of health records required to give high-quality health care and to safeguard the public’s health and overall well-being.
Who is covered by the Privacy Rule?
The Privacy Rule applies to:
Health Plans: These include employer-sponsored health plans and government- and church-sponsored health plans.
Health Care Providers: The Privacy Rule applies to every health care provider, regardless of its size or number of employees. All organizations that transmit health information, including insurance claims, benefit eligibility, referrals and authorizations, requests, or other transactions, come under HIPAA’s Privacy Rule.
Business Associates: HIPAA’s Privacy Rule applies to all businesses, individuals, and organizations whose services include the use or disclosure of protected health records, and to those who can easily access any protected health care data and information of the patient.
Hybrid Entities: A “hybrid entity” is an institution with both HIPAA-covered and non-covered functions. For example, the Student Health Center and Counseling Center are part of UNC’s health care components, but the School of Music is not.
What information is protected?
HIPAA’s Privacy Rule protects all information that includes the patient’s identifiable health information. The Privacy Rule also refers to all the information that comes under PHI.