WHAT IS HIPAA?


What does it mean?

HIPAA stands for The Health Insurance Portability and Accountability Act. It became a United States statute in 1996 during President Bill Clinton’s first term. HIPAA was created to “improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.”

In layman’s terms, this means that HIPAA makes it easier to add family members to your coverage if you’re changing jobs. It also cracks down on shady health insurance practices and generally makes it easier to have long-term services and coverage and to navigate health insurance systems.

What are the three rules?

HIPAA’s three rules are called: 1) The Privacy Rule, 2) The Security Rule, and 3) The Breach Notification Rule.

The Privacy Rule: “The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.  The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.”

Source: www.hhs.gov/hipaa/

This means that insurance providers have a strict set of rules placed on them for internet-based or electronic-based transactions with you. They are also not allowed to disclose particular pieces of information about you without your consent.

The Security Rule: “The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.”

Source: www.hhs.gov/hipaa/

This means that insurance providers are required to follow strict rules about how they process and store your information.

The Breach Notification Rule: “requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions implemented and enforced by the Federal Trade Commission (FTC), apply to vendors of personal health records and their third party service providers,….”

Source: www.hhs.gov/hipaa/

This means that if your health information is leaked or stolen from an insurance provider then they are required to let you know.

Remember, rules are made because we learn that we need them. Imagine how much information got out and was used against people who needed insurance before these rules were implemented.

 

What is protected by each rule?

The Privacy Rule protects you from having your health information used to individually identify you and from having that information used against you.

The Security Rule protects a specific subset of the information covered by the Privacy Rule: all the information that an insurer creates, receives, maintains, or transmits in electronic form.

The Breach Notification Rule protects you from not knowing your information has been stolen or leaked. “Following a breach of unsecured protected health information, covered entities must provide notification of the breach to affected individuals, the Secretary, and, in certain circumstances, to the media. In addition, business associates must notify covered entities if a breach occurs at or by the business associate.” (Source: www.hhs.gov/hipaa/) In other words, you have to be told, the government has to be told, and sometimes the media has to be told if information is breached. It also means that if a particular company that works with a provider leaks your information or has it stolen, then they must also let you know that it happened in their system.

Is HIPAA only for medical providers?

According to hhs.gov, HIPAA covers health plan providers, health care clearinghouses, and health care providers who conduct certain financial and administrative transactions electronically. These are all called “covered entities.” It also applies to contractors to these entities, which are called “business associates.”

This means anyone that has something to do with your medical records and payments is held accountable for keeping your information private and secure.

If You’d Like to Talk

If you’d like to learn more about your protections or which providers can offer you the best insurance for your needs just reach out to me. I’ll walk you through the world of health insurance safely and securely.

"A goal without a plan is just a Wish"

Let's make a plan.


404-493-4017

Art Schlitten

Fully licensed and approved agent for Life, Health, Accident, Individual, Family and Group as well as Affordable Care Act services in the Greater Atlanta Area. Special “in house” needs assessment with Free Estimates within 24 hours on most products. Extremely affordable, professionally attended with a large and diversified product availability.