Everything You Wanted to Know About HIPAA But Were Afraid to Ask

Jun 11, 2022
Everything You Wanted to Know About HIPAA But Were Afraid to Ask

[ad_1]

This publish is a part of a sequence sponsored by AgentSync.

The Well being Insurance coverage Portability and Accountability Act of 1996 (HIPAA) could also be one of the crucial generally referenced medical health insurance legal guidelines, not simply by insurance coverage professionals, however within the on a regular basis lives of most People. Be taught a bit extra about what it’s, what it does (and doesn’t do), and the way it impacts the insurance coverage business.

Everything You Wanted to Know About HIPAA But Were Afraid to Ask

Please learn our discover of privateness practices

Fast! Title a healthcare legislation that everybody is aware of of, however nobody actually is aware of. When you guessed HIPAA, congratulations, you win! For on a regular basis residents, HIPAA references pop up at every physician’s workplace go to and, extra just lately, if a enterprise dares to require proof of COVID-19 vaccine standing for entry or service. Extra on that later, however spoiler alert: A enterprise requiring proof of vaccination to enter, or present providers, doesn’t violate HIPAA.

You’d be laborious pressed to seek out an American grownup who hasn’t heard of HIPAA, or who doesn’t realize it has one thing to do with medical privateness. However the collective information of this 500-page healthcare legislation ends there. And for most individuals, that’s OK. However should you work in insurance coverage, you is likely to be one of many few who really wants to grasp HIPAA extra than simply superficially. Then once more, HIPAA is so particular to medical health insurance and well being data that it doesn’t apply universally throughout the insurance coverage world, both.

What’s HIPAA?

Actually, it’s the Well being Insurance coverage Portability and Accountability Act of 1996. This legislation, signed in 1996 by President Clinton, was the primary legislation to deal with the privateness of well being and healthcare data. Even though digital medical information barely existed in 1996, HIPAA was forward-thinking and included references to digitization within the medical and medical health insurance discipline that wouldn’t come for years.

HIPAA gave U.S. residents the fitting to count on a point of privateness surrounding that data, notably on the subject of medical health insurance. It additionally gave us the fitting to entry our non-public well being data, even when that’s simpler stated than achieved more often than not.

A big a part of the complete HIPAA legislation is what’s often called the HIPAA Privateness Rule. In line with the CDC’s web site, “The Privateness Rule requirements handle the use and disclosure of people’ well being data (often called “protected well being data”) by entities topic to the Privateness Rule. These people and organizations are known as “coated entities.” The Privateness Rule additionally accommodates requirements for people’ rights to grasp and management how their well being data is used.”

In plain English:

  • Your private well being data is taken into account non-public, and thus “protected” by the legislation.
  • Sure entities (physician’s workplaces, hospitals, and medical health insurance corporations, amongst others) are topic to the Privateness Rule.
  • You even have the fitting to grasp and management how your protected well being data is used, together with who it’s shared with.

What does HIPAA do?

Merely put, HIPAA required the creation of nationwide requirements to guard delicate affected person well being data from being disclosed with out the affected person’s consent or information. The legislation gave duty for enforcement to the Division of Well being and Human Companies (HHS)’s Workplace for Civil Rights.

HIPAA additionally laid out legitimate causes for when protected well being data utilized by any coated entity could also be shared or disclosed. The ultimate legislation was over 500 pages, so that is clearly, and essentially, a really abridged model of the legislation! When you’re an even bigger insurance coverage nerd than we’re, you’re welcome to learn the complete textual content of the legislation right here!

Additionally, if HIPAA is central or tangential to your work, take into account this can be a condensed overview, not authorized steering or due diligence. When you want authorized recommendation, seek the advice of an legal professional.

What does HIPAA not do?

The brief reply is, “rather a lot.” As you’ve discovered by now, HIPAA applies to a really particular set of coated entities. A restaurant or bar shouldn’t be a coated entity. An airline shouldn’t be a coated entity. Thus, non-public companies that ask patrons to reveal their COVID-19 vaccination standing with the intention to enter or to be served should not topic to HIPAA and should not in violation of it.

As well as HIPAA additionally doesn’t cowl:

  • “Protected well being data employment information {that a} coated entity maintains in its capability as an employer and schooling and sure different information topic to, or outlined in, the Household Instructional Rights and Privateness Act, 20 U.S.C. §1232g.”
  • De-identified well being data, when medical data is totally separated from personally identifiable particulars concerning the human it got here from. For instance, a big checklist of ages, heights, and physique weights wouldn’t be protected if there’s no title, handle, Social Safety quantity, or different figuring out data that might hyperlink the well being knowledge with a selected individual.

Who’s required to comply with HIPAA?

HIPAA created normal definitions for kinds of companies and entities which might be topic to its privateness rule. These embody:

  • Healthcare suppliers
  • Well being plans (together with Medicare, Medicaid, long-term care, and others–with a couple of exceptions)
  • Healthcare clearinghouses
  • Enterprise associates (outlined as an individual or group aside from an worker of a coated entity who’s utilizing protected well being data to carry out providers for a coated entity)

That’s mainly it. So once more, your uncle shouldn’t be topic to HIPAA at a household dinner. Your neighbor’s bar or restaurant can be not topic to HIPAA. Your native grocery retailer, movie show, and place of employment (almost certainly!) should not topic to HIPAA.

If, and provided that, you’re one of many above entities or a “enterprise affiliate” of 1, are you and your organization required to adjust to HIPAA.

Why is HIPAA necessary?

Affected person privateness is one thing most of us would agree is a vital proper. Previous to 1996, nonetheless, this wasn’t essentially the case. It actually wasn’t assured or legally enforced.

Why HIPAA is necessary for the healthcare and medical health insurance business

Though 1996 is hardly what we consider as “the digital age” today, HIPAA was really forward-thinking for its time. It launched some essential ideas that might be key because the business moved from paper information to digital well being information.

HIPAA standardized how well being knowledge have to be collected and guarded, and enforced a nationally acknowledged set of codes and identifiers. Very like the transfer to structured knowledge in different industries, HIPAA necessities assisted the healthcare business in transferring towards a digital future the place well being data is shared between sufferers, medical doctors, clinics, insurance coverage corporations, and different entities each day with an emphasis on privateness.

Why HIPAA is necessary for sufferers

For sufferers, HIPAA is especially important. All of the extra in order medical information have moved into the digital age, making them topic to data safety breaches. Previous to the enactment of HIPAA, it’s seemingly that “coated entities” weren’t typically deliberately exposing private affected person data in unscrupulous methods, however there was no assure (nor have been there government-enforced penalties).

HIPAA was the primary legislation of its sort to create guidelines surrounding the storage and sharing of non-public well being data. It mandated a strict normal of knowledge safety controls for any organizations coping with such data. Plus, with legal guidelines in place, there are precise penalties for noncompliance.

HIPAA additionally empowered sufferers to take extra management over their healthcare by permitting them to entry their information for the aim of being extra knowledgeable about diagnoses and coverings, looking for extra medical enter from completely different suppliers, and even checking their information for errors. Earlier than HIPAA, healthcare organizations and medical health insurance corporations weren’t required to adjust to any affected person’s request to entry their very own medical information.

How does HIPAA influence the insurance coverage business?

For a lot of property and casualty insurance coverage carriers, brokers, brokers, and different insurance coverage companies, it actually doesn’t. For the overwhelming majority of the insurance coverage business – those that don’t take care of life, well being, accident, incapacity, or associated merchandise – HIPAA doesn’t apply.

For these producers who’re dually licensed, for insurance coverage carriers that deal in well being and life, and for any insurance coverage professionals who come into contact with protected well being data in the midst of doing enterprise, HIPAA is a priority and a legislation that requires compliance.

HIPAA also can influence employers who sponsor medical health insurance protection for his or her workers. This implies it’s one thing worker profit brokers must additionally take note of and alert their shoppers about.

Within the quarter century since HIPAA was first signed into legislation, it’s develop into a reasonably family title (as healthcare legal guidelines go!) however that doesn’t imply it’s easy or straightforward to grasp. When you’re within the medical health insurance enterprise, HIPAA is only one of many insurance coverage business rules you must take note of and make sure you adjust to. And you must get knowledgeable counsel in doing so.

Whereas AgentSync can’t enable you to there, we will undoubtedly hold compliance on observe on your non-HIPAA wants, comparable to producer onboarding and lifecycle administration. See AgentSync in motion right this moment.

[ad_2]