HIPAA (Health Insurance Portability and Accountability Act) of 1996 is a federal law that was designed to allow portability of health insurance between jobs. In addition, it required the creation of federal laws to protect personally identifiable protected health information (PHI), better known as the HIPAA Privacy and Security Rules.
The Privacy Rule, with a compliance date of April 14, 2003, protects PHI such as:
Oral or written PHI or other patient information (on paper or in electronic form)
Social Security number or other ID number
A physician's personal notes
Any information that could link a patient to his or her health information
The Privacy Rule also imposes restrictions on the use and disclosure of a patient's health information, and it gives patients greater access to and protection of their health information and more control over how it is used.
The Security Rule, which took effect on April 20, 2005, protects:
Confidentiality of electronic PHI (ePHI)
Integrity of ePHI, meaning that once ePHI is created, it cannot be tampered with.
Availability of ePHI, meaning it is accessible to the people with the authority to use it whenever it is needed.
The Security Rule is also divided into three categories of safeguards:
Administrative Safeguards - Conducting ongoing security audits and creating formal policies and procedures to safeguard all ePHI.
Physical Safeguards - Protecting physical assets such as computer systems and high-tech equipment, as well as the facility where ePHI is stored.
Technical Safeguards - The technology that makes the physical safeguards possible.
The HIPAA Privacy and Security Rules are important federal laws that are meant to protect our patients and our employees.