Vision insurance is among the programs covered by HIPAA.
The Health Insurance Portability and Accountability Act, or HIPAA, is a federal law designed to protect the privacy of patients when medical information is exchanged electronically. Providers, employers and insurance companies must follow the guidelines to maintain the confidentiality of information. The intent of the law is also to help prevent fraud and waste, improve the continuity and portability of insurance and improve and simplify access as well as administration.
History
Congress passed the original HIPAA law in 1996. The act amended a decade-old Internal Revenue Code that had sought to address the same basic issues. HIPAA Title I addresses access to health care and the portability and ability to renew policies. HIPAA Title II focuses on the prevention of abuse and fraud, provides simplification for administration and addresses reforms for medical liability. The HIPAA privacy rule went into effect in December 2000, with modifications made in August 2002.
Applicability
The standards apply to health insurance plans, clearinghouses and all health care providers who transfer electronic data regarding patients. Dental, medical, vision and prescription insurance plans are all considered health insurance plans. Protected data includes information that identifies or could identify the patient, information regarding his current physical or mental condition as well as his past or future health and his payment information. The law also applies to financial institutions that process payments for health-related services, including policy payments, regardless of the payment method. Exceptions exist for employers who sponsor a health plan with fewer than 50 participants.
Covered Transactions
Information that shows an individual's eligibility for health insurance or her enrollment or discontinuance of such insurance is protected by the act. So, too, are claims for benefits and any attachments, remittance information for premiums or payments to providers, initial injury reports, status of claims and referral authorizations. In addition to electronic transactions, HIPAA requires entities to protect paper records by keeping them in a secure area and limiting access to only personnel with a need to access the records.
Penalties for Violations
HIPAA provides severe penalties for those who do not comply with the legal requirements. As of February 2011, anyone who fails to comply can be fined up to $100 per incident, to a maximum of $25,000. If the person knowingly uses, obtains or discloses protected information, the penalty can include a fine of up to $50,000, one year in jail, or both. If the violation occurs under false pretenses, the penalty can be as much as $100,000 and/or five years in prison. An offense committed for gain or malicious harm may be punished with a fine of up to $250,000, a 10-year prison sentence, or both, whether the intent was to use, transfer or sell the information.
Permitted Disclosure
Information may be released with the patient's consent. HIPAA also allows the release of information when there is a legal requirement to do so. For example, physicians may report instances of domestic violence, neglect or abuse, or a hospital may need to report evidence that a patient committed a crime. If a provider has reasonable cause to suspect a patient poses a serious threat to the public or an individual, it may disclose the information to the police or the target of the threat.
Tags: health insurance, insurance plans, health care, Health Insurance, health insurance plans, Health Insurance Portability
