IWhat is HIPAA?
HIPAA is an abbreviation for the Health Insurance Portability and Accountability Act of 1996, a federal law that regulates the transfer and use of medical data in order to protect the security and privacy of personal information. In recent times, as the number of cyberattacks kept increasing the risk of health data breaches, many health providers and insurers had to increase their awareness and compliance with this legislation.
HIPAA protects the rights of patients by enforcing the limits and rules within medical information can be obtained, shared, and accessed. It also requires that all data is handled securely (especially in electronic form) to protect it from prying eyes and malicious uses.
The HIPAA was adopted by the United States Congress in August 1996, and signed into law by President Bill Clinton. It aims to achieve the following:
- Obliges industry-wide health standards for e-invoicing and other processes involving personal data;
- Provides the possibility of transferring and continuing health insurance coverage countless US employees and their families when they lose or change their jobs;
- Requires privacy and protection when working with sensitive personal information about a patient’s health;
- Establish guidelines to define the responsibilities of entities covered by the law and its business associates, and enforce severe penalties of up to $1.5 million per incident in case of compliance violations as well as HIPAA privacy and security breaches.
- Fights against abuse, waste, and fraud in the health care system, when personal information is used for medical purposes.
HIPAA is separated in five Title sections:
Title 1: Health Insurance Portability
This title addresses the ability to retain health insurance opportunities. It protects people who lose or change jobs, prohibits insurers from setting lifetime coverage limits, and mandates all group health plans to provide coverage to all individuals regardless of pre-existing conditions and diseases.
Title 2: Protection and Confidential Handling of Health Information
This title outlines regulations for privacy requirements from health care organizations and suppliers, as well as their business services providers, to strictly follow procedures that guarantee the security and confidentiality of private health information, when it is shared, sent, received, or used.
Title 2 applies to all forms of PHI (Personal Health Information), including verbal communication, physical documents, and electronic forms of communication such as Electronic Health Records (EHRs). It is important to note that in this case, the only user information that should be shared is that which is required for business purposes. The HIPAA Standards for Privacy Rule, set the first national standard in the U.S. to safeguard patients’ PHI and private information.
Adhering to Title 2 of HIPAA is what is often referred as “being HIPAA compliant”. In fact, in order to avoid facing civil financial money penalties for HIPAA compliance violations, every health care organization, provider or supplier must adhere to the following requirements:
- Follow a standardized procedure for electronic data interchange (EDI) every time an insurance claim is submitted or processed.
- Possess a unique10-digit national provider identifier number (National Provider Identifier or NPI).
- Ensure that all sensitive medical and patient data is properly encrypted, handled, and safeguarded at all times to guarantee privacy and security.
Title 3: Tax-Related Health Provisions
Title 3 is a set of guidelines for pre-tax medical savings account to determine how much it may be saved per person. Under HIPAA, both self-employed professionals and employees covered by employer-sponsored insurance plans may access medical savings accounts The law also provides for deductions for medical insurance and other tax-related provisions together with other modifications of the health insurance law.
Title 4: Application and Enforcement of Group Health Plan Requirements
Title 4 adds further changes to the health insurance reform, specifying eligibility for people with pre-existing conditions and patients requiring continued coverage. It also includes a clarification of the Consolidated Omnibus Budget Reconciliation Act (COBRA).
Title 5: Revenue offset governing tax deductions for employers
Title 5 of HIPAA encompasses the following:
- Provisions for company-owned life insurance, such as forbidding company endowments, company-related contracts, and the tax-deduction of interest on life insurance loans.
- Repeals the financial institution rule to interest allocation rules.
- It provides for the treatment of people who lost or gave up citizenship in the United States for income tax purposes. It also allows for the expatriation tax to be applied to those who gave up their US citizenship for tax reasons.