The Health Insurance Portability and Accountability Act (“HIPAA”) is one of the most widely known healthcare laws. It is quite broad and covers numerous aspects of healthcare. However, this article will just briefly deal with its impacts on patient privacy.
HIPAA was originally enacted in order to protect the privacy of patients’ personal health information, and create a national standard for doing so. HIPAA requires healthcare industries that use electronic means to process transactions to use standardized forms and universal codes for illnesses and treatments. There are also further safeguards in place in order to protect patient health information.
HIPAA directly regulates the following, known as “covered entities”: (i) health care providers; (ii) health plans; and (iii) health care clearinghouses. In addition, it requires that “covered entities” obtain written confidentiality assurances from their business associates. This is because those business associates have access to the private health care information which the law seeks to protct.
HIPAA covers a very broad range of protected health information. The basic rule behind the privacy aspect of HIPAA is that a “covered entity” may not use or disclose any protected health information without an individual’s written authorization, except if permitted or required by the law.
There are both civil and criminal penalties for violating HIPAA, including fines up to $25,000.00 for multiple violations occurring in the same calendar year, and fines up to $250,000.00 and imprisonment for up to ten years for knowing misuse of individually identifiable health information.
Our firm offers a broad range of services in regards to HIPAA compliance. We are familiar with the requirements to de-identify health information. In addition we can draft written assurances with business associates, and most importantly, analyze whether a certain practice complies with the privacy mandates of HIPAA. For more information, don’t hesitate to contact one of our offices today.