The recent media swarm concerning Ebola patients raises questions as to if and when HIPAA, short for the Health Insurance Portability and Accountability Act of 1996, protects patients' health information. This concern is heightened by the newly adopted HIPPA regulations, which entail more detailed obligations for compliance.
Even a minor HIPAA indiscretion can result in considerable legal, financial and reputational repercussions. Therefore, understanding HIPAA requirements are crucial for businesses and individuals handling health information.
Does HIPAA Apply?
HIPAA does not protect all information, not even all health
information. There are specific regulations to qualify for HIPAA
protection, so understanding the components of these regulations is
integral to discern if HIPAA applies in the first place.
For example, protected health information (PHI) is defined
as 'individually identifiable health information' that is
transmitted or maintained in electronic media or in any other form
or media, however does exclude certain information.
What Are the Permitted Uses and Disclosures of PHI?
Covered entities, business associates and subcontractors may only use or disclose PHI as permitted by the Regulations. The rights to use and disclose PHI are established in the contract that permitted access to the PHI in the first place. As well, a covered entity required by HIPAA regulations to have a notice of privacy practices (NPP) is only permitted to disclose PHI in a manner consistent with its NPP.
What Are the Consequences of Non-Compliance?
An acquisition, access, use or disclosure of PHI in a manner not permitted under HIPAA regulations protecting the privacy of PHI is considered an infringement of HIPAA. This breach will trigger a variety of notification and reporting requirements that may lead to government actions and penalties. However, such repercussions can be avoided if the covered entity, business associate or subcontractor proves that there is a low probability the PHI was compromised.
Conclusion
While HIPAA covers a vast scope of regulations and definitions, this article addresses a few common misconceptions. For a deeper understanding of the challenges and complex issues concerning businesses affected by HIPAA, professional assistance should be sought, even if matters seem relatively simple at first glance.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.