HIPAA Requires confidentiality of personal and health information.
As part of the Health Insurance Portability and Accountability Act of 1996, the Department of Health and Human Services had to create national standards for employers, health care providers, health insurance plans and health care transactions. Congress approved two parts of HIPAA, Title I and Title II. Title I ensures continuous health insurance coverage if a person loses or changes jobs. Title II is administration simplification and applies to electronic transactions and national identifiers.
Instructions
Regulating Title I
1. Check to see if group health insurance plans cover pre-existing conditions within 12 months of the insured person's enrollment.
2. File a reduction in exclusion if the newly enrolled individual previously had group health insurance. This reduces the 12-month exclusion period and gives credit for past coverage.
3. Check to be sure existing employees can purchase extended-coverage health insurance through the same provider if they quit, are terminated or change jobs.
Regulating Title II
4. Keep all individual and health information confidential. Protected health information includes payment history, insurance plans, social security numbers, health history, medical conditions, phone numbers and any other individual identifiers.
5. Provide individuals with requested personal health information within 30 days. Only provide protected health information to other entities, such as child welfare agencies, when legally required.
6. Correct inaccurate information as requested by the individual. Communicate confidentially with individuals and notify them how their protected health information will be used.
7. Designate a privacy officer and maintain written procedures pertaining to privacy and security breaches. Identify in writing which employees have access to protected health information and limit that number to essential job functions.
8. Require log-ins and passwords to gain access to electronic data. Maintain private work spaces and store protected health information securely under lock and key.
9. Utilize virus protection and encryption on networks and electronically stored information. Evaluate firewalls and other systems' security on a regular basis.
Enforcement
10. Report HIPAA violations to the Department of Health and Human Services Office of Civil Rights. Prepare for an investigation.
11. Correct violations and/or pay the penalty imposed. If the offender does not agree with the violation, he may request a hearing with an administrative law judge.
12. Provide HIPAA training to all employees on a regular basis, typically once a year. Display HIPAA standards where all people may read and understand them.
Tags: health information, protected health information, health insurance, insurance plans, protected health, Department Health
