AMARILLO The initials HIPAA have been showing up in health-related news stories or information from health care providers. That stands for the Health Insurance Portability and Accountability Act. But what exactly does that mean?
Andrew Crocker, Texas Cooperative Extension gerontology specialist, provided some answers.
Q: What exactly is the Health Insurance Portability and Accountability Act?
Crocker: (It’s the) first-ever federal privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers. Developed by the (U.S.) Department of Health and Human Services, these new standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. They represent a uniform, federal (basis) of privacy protections for consumers across the country. State laws providing additional protections to consumers are not affected by this new rule.
Q: When was it written into law?
Crocker: (It was) signed Aug. 21, 1996.
Q: Why was it established?
Crocker: Congress called on health and human services to issue patient privacy protections as part of the Health Insurance Portability and Accountability Act of 1996. HIPAA included provisions designed to encourage electronic transactions and also required new safeguards to protect the security and confidentiality of health information. The final regulation covers health plans, health care clearinghouses and those health care providers who conduct certain financial and administration transactions electronically.
Q: How does it affect health care providers, such as doctors and hospitals?
Crocker: The privacy rule requires health plans, pharmacies, doctors and other covered (health care providers) to establish policies and procedures to protect the confidentiality of protected health information about their patients. These requirements … allow different covered entities to implement them as appropriate for their businesses or practices. Covered entities must provide … protections for patients … such as providing a notice of their privacy practices and limiting the use and disclosure of information as required under the rule. In addition, covered entities must take some additional steps to protect patient privacy, (such as): written privacy procedures, employee training and privacy officer, and public responsibilities.
Q: What kind of impact does HIPAA have on the day-to-day lives of average Americans?
Crocker: People probably don’t see it day to day other than having to sign a statement acknowledging a HIPAA policy for that particular provider or institution. It allows easier access to:
- Ask to and get a copy of personal health records.
- Have corrections added to personal health records.
- Receive notice … that your personal health records have been used and/or shared.
- Decide if you want to give permission before your health information may be used or shared.
- File a complaint against your provider, health insurance, etc., if your rights have been violated.
Probably the most notable difference people might notice is when they are involved in the care of another person, (such as) a parent. The caregiver is not entitled to view, change or discuss the medical record of their care recipient without proper authorization from that person. This isn’t so much a problem unless the person is incoherent from a disease such as Alzheimer’s or stroke.
Q: Why is HIPAA a good idea for consumers? What does it protect them from?
Crocker: It provides patients guarantees for privacy and security for their personal, private health information. It also establishes procedures for health providers to ensure that protection. Also, it give patients an avenue to seek justice and file complaints when they feel their privacy has been violated.
Crocker also recommended visiting the Department of Health and Human Services Web site at http://www.hhs.gov/ or calling 866-627-7748 for more information.