What is HIPAA?
HIPAA, the Health Insurance Portability and Accountability Act of 1996, is a US federal statute enacted on 21 August 1996 to protect the security of patients' medical information and records. HIPAA is the prevailing law and overrides state laws, but where a state's law is more stringent, the state law applies.
What is the purpose of HIPAA?
HIPAA is a public law that aims to protect the public welfare. Since the right to privacy is a fundamental right, HIPAA ensures that people receive full insurance coverage along with privacy and security for their information, protecting them from abuse and fraud.
Protected Health Information (PHI) under HIPAA covers:
- The physical health and condition of an individual/patient, whether past, present or future.
- Past, present, and future payments for healthcare services by the individual/patient.
- Healthcare services rendered to the patient.
- Any of the identifiers listed by HIPAA, such as names, fingerprints, medical record numbers, phone numbers, email addresses, IP addresses, Social Security numbers, bank account numbers, etc., which must not be disclosed.
What are the 5 components of HIPAA?
HIPAA is divided into 5 sections:
- HIPAA Health Insurance Reform
- HIPAA Administrative Simplification
- HIPAA Tax-Related Provisions
- Group Health Plan Requirements
- Revenue Offsets
Under these sections, HIPAA's objectives are:
- to direct healthcare organizations to comply with the Privacy Rule issued by the US Department of Health and Human Services (HHS),
- to include tax-related provisions on healthcare,
- to provide health insurance forms and the preconditions and requirements to be met before filling out the forms,
- to provide provisions related to tax revenue from company-owned life insurance and from individuals who have lost their US citizenship, etc.
What information is covered under HIPAA?
Any information that reveals the identity of an individual is covered under HIPAA. HIPAA lists 18 such identifiers:
- Full names or last name and initial
- Phone numbers, including area code
- Biometric identifiers
- Photographs of an individual
- Fax number
- Any geographical identifiers
- Email addresses
- Web Uniform Resource Locators (URLs)
- Internet Protocol (IP) addresses
- Social Security number
- Medical record numbers
- Dates, such as birth dates or treatment dates
- Health insurance beneficiary numbers
- Bank account numbers
- Certificate or driver's license numbers
- Vehicle identification numbers and license plate numbers
- Device identifiers and serial numbers
- Any other unique identifying number or code, except the unique code assigned by the investigator to code the data, is a personal identifier under HIPAA.
What is the HIPAA Privacy rule?
Information about an individual, such as Protected Health Information (PHI) or Personal Health Records (PHR), is restricted and protected by the HIPAA provisions. A covered entity under HIPAA may not disclose a patient's sensitive PHI to a third party.
This aims to give individuals/patients confidence in healthcare providers and protection against fraud or abuse.
Covered entities are divided into healthcare planning organizations, healthcare providers, and healthcare clearinghouses. Any violation of the HIPAA Privacy Rule will result in a penalty.
What are Privacy rule penalties?
Penalties for noncompliance with or violation of the HIPAA Privacy Rule depend on the severity of the violation:
- An unintentional violation of HIPAA is penalized at $100 per violation, with an annual maximum of $25,000 for repeat violations.
- A violation of HIPAA with reasonable cause is penalized at $1,000 per violation, with a maximum of $100,000 for repeat violations.
- An intentional and willful violation of HIPAA that is corrected within the given time period is penalized at $10,000 per violation, with a maximum of $250,000 for repeat violations.
- A willful violation of HIPAA provisions that remains uncorrected is penalized at $50,000 per violation, with a maximum of $1.5 million for repeat violations.