The HIPAA Rules require two essential things:
- Protection of confidentiality and security of health data through setting and enforcing standards.
- Improved efficiency in healthcare delivery by standardizing electronic data interchange.
The HIPAA Rules impact the County of Sacramento because HIPAA covers virtually every healthcare organization. This includes all health care providers, health plans, public health authorities, healthcare clearinghouses, and self-insured employers – as well as life insurers, information systems vendors, various service organizations, and universities.
The County of Sacramento is defined by HIPAA as a "hybrid entity". This means some programs within departments are "covered" by the HIPAA Rules, while others are not. HIPAA requires (mandates) that every healthcare organization, whether completely covered by the Rules or partly covered (hybrid), have an internal set of policies and procedures and a mechanism to monitor compliance.
Q: What does the HIPAA Privacy Rule do?
A: The HIPAA Privacy Rule for the first time creates national standards to protect individuals' medical records and other personal health information. [Protected Health Information - PHI]
- It gives patients more control over their health information.
- It sets boundaries on the use and release of health records.
- It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
- It holds violators accountable, with civil and criminal penalties that can be imposed if patients' privacy rights are violated, and
- It strikes a balance when public responsibility supports disclosure of some forms of data – for example, to protect public health.
Q: What does HIPAA do for patients?
A: HIPAA enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.
- It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.
- It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.
- It empowers individuals to control certain uses and disclosures of their health information.
When it comes to personal information that moves across hospitals, doctors' offices, insurers or third party payers, and across State borders, our country has relied on a combination of Federal and State laws. Prior to the adoption of HIPAA and the Privacy Rule, personal health information could be distributed--without either notice or authorization--for reasons that had nothing to do with a patient's medical treatment or health care reimbursement.
Q: Why does HIPAA involve electronic transactions?
A: Health care providers have a strong tradition of safeguarding private health information. However, in today's world, the old system of paper records in locked filing cabinets is not enough. With information broadly held and transmitted electronically, the Rule provides clear standards for the protection of personal health information.
Q: Are health care providers restricted from consulting with other providers about a patient's condition without the patient's written authorization?
A: No. Consulting with another health care provider about a patient is within the HIPAA Privacy Rule's definition of "treatment" and, therefore, is permissible. In addition, a health care provider (or other covered entity) is expressly permitted to disclose protected health information about an individual to a health care provider for that provider's treatment of the individual.