
Establishing the Familiarity With HIPAA

Whether you're an employee of a health care practice or a business that provides health care services, it's important to understand the requirements of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is short for the Payment for Healthcare Act, and it's the law that outlines standards for the allowable uses and disclosures of protected health information (PHI).



HIPAA has three main sets of rules: Privacy, Security, and Breach Notification. Each is designed to protect the privacy of people's health information. HIPAA also imposes a number of criminal penalties for violations.


For example, a violation of the Privacy Rule can result in fines of up to $25,000 if the violation occurs in a calendar year, or up to $250,000 for willful violations. The Breach Notification Rule requires that affected individuals be notified of a breach within 60 days of discovery.

The Security Rule outlines technical safety measures that must be taken to protect PHI. It also applies to all electronic data.


The Privacy Rule requires that an individual's PHI be used only for the purpose for which it was disclosed. In addition, it prohibits the sale of protected health information without the individual's authorization.


The Privacy and Security Rules also limit the disclosure of PHI to health plans for certain treatments, and they expand individuals' rights to receive electronic copies of their health information. They also require health care providers to modify their notices of privacy practices.


If you have an organization that handles PHI, you may need to develop written policies and train employees on how to comply with HIPAA. You'll also need to evaluate your contracts to make sure they don't affect the privacy of your patients' information.


