HIPAA 101

If you have visited a medical or dental practice in the last few years, you were probably handed your copy of the HIPAA notice that explains how your privacy is protected with respect to your medical and dental data. But what exactly does that mean to you as an individual and, more importantly, to the organization or practice entrusted with your personal medical information? Let’s explore exactly what the HIPAA legislation means.

Three Areas of HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a set of statutes designed to protect your health records, both in hard copy and electronically. Medical and dental practices are bound by law to protect this information while it is in use, when it is shared with insurance companies and vendors, while it is in storage, and during electronic transmission. The details can get rather complicated, but in general, practices must safeguard your medical data in three main ways: administrative safeguards, physical safeguards, and technical safeguards.

  • Administrative — measures to ensure that patient data is accurate and accessible to authorized parties, and that only those who are allowed access to your information actually gain access.
  • Physical — measures to prevent the physical theft or loss of devices containing electronic PHI. This also includes physical safeguards for servers, networks, and workstations.
  • Technical — technology-related measures to protect networks and devices from data breaches and unauthorized access.

What is “Protected Health Information”?

These three areas of compliance mean that your Protected Health Information (PHI), or electronic Protected Health Information (ePHI), will be safeguarded administratively, in transit, and on the hardware and software of a medical practice. But what exactly constitutes “protected health information”? Here is a quick list to help you understand.

  • Names or part(s) of names
  • Any other unique identifying characteristic
  • Geographical identifiers
  • Dates directly related to an individual
  • Phone numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health insurance beneficiary numbers
  • Account numbers
  • Certificate or license numbers
  • Vehicle license plate numbers
  • Device identifiers and serial numbers
  • Web URLs
  • IP addresses
  • Fingerprints, and retinal and voice prints
  • Full face or any comparable photographic images

Who is Covered by HIPAA?

Practically all health plans, health care clearinghouses, health care providers, and endorsed sponsors of the Medicare prescription drug discount card are considered “HIPAA Covered Entities” under the Act.

What are the Rights included in HIPAA?

On a personal level, beyond the IT world that we live in, HIPAA grants individuals certain rights, such as:

  • The right to request their medical record.
  • The right to request that a practice amend their medical record when appropriate.
  • The right to limit who has access to their personal health information.
  • The right to choose how healthcare providers communicate with them.
  • The right to complain about the unauthorized disclosure of their PHI.

Resources

If you have further questions about your personal rights, see the list of resources below. If you have concerns about the IT aspect of HIPAA, call Spectra Networks for more information at 978.219.9752, or visit our website.

  • HIPAA Journal
  • The HIPAA Guide
  • HIPAA Questions and Answers