Spending any significant time within the medical community will make it clear that HIPAA isn’t a term that’s thrown around casually. In fact, HIPAA rules impact almost every aspect of the overall health care system in America today, and showing ignorance of its implications is a good way to make yourself stand out for all the wrong reasons.
However, despite the complexity it appears to imply, getting a HIPAA explanation isn’t as complicated as it sounds. This guide will walk you through the basics of this healthcare protection plan to help you know how your medical information is protected and what it means for every visit that you make to the doctor’s office.
What is HIPAA?
Put simply, HIPAA is a collection of regulations that give you rights for knowing about and controlling how your health information gets used.
HIPAA stands for the Health Insurance Portability and Accountability Act, a law passed by Congress in 1996 (almost two decades before the Affordable Care Act) to protect the health insurance benefits of employees and their families during job loss or career changes.
However, what HIPAA is most known for today is protecting privacy through the HIPAA Privacy Rule, which regulates who can look at your healthcare information and what they can do with it. This applies to all forms of health information, including oral, written and even electronic. For this reason, HIPAA has become an invaluable policy in the fight against health care identity theft.
What Health Information Does HIPAA Keep Private?
Most of your private health information is considered protected under HIPAA through its Protected Health Information (PHI) policy. This includes all information that identifies you as an individual, including your previous healthcare history, health status, or payment information for past health care.
Notably, the HIPAA Privacy Rule doesn’t cover any health information that doesn’t personally identify you. This means that any part of your health information that doesn’t directly link to you can be part of larger data sets and comprehensive medical databases. In the same way, the Privacy Rule lets your medical information be released to other care providers in the cases where your treatment needs to be coordinated between other providers or insurance companies.
Who Keeps Your HIPAA Health Information Private?
A key point in HIPAA protection is that the HIPAA Privacy Rule technically binds only “covered entities.” This includes the following entities:
- Medical Establishments: hospitals, clinics, nursing homes, urgent care centers.
- Individual Health Care Providers: doctors, chiropractors, pharmacists, dentists, psychologists, nurses.
- Health Care Plans: health insurance companies, company health plans, HMOs, government-funded healthcare plans like Medicare and Medicaid.
- Health Care Clearinghouses: the organizations that convert paper healthcare information into a digital format.
This list might seem comprehensive, but many entities aren’t covered by HIPAA, including your employer, workers’ compensation carrier, life insurance company, and most schools and school districts. It also doesn’t cover the information that is collected by health-tracking apps or devices (like the Fitbit), or any information that non-medical people find without your permission, like overheard phone conversations or paperwork in the trash.
Who Enforces HIPAA Privacy Regulations?
Because HIPAA is government legislation, a branch of the federal government is responsible for upholding it. The U.S. Department of Health and Human Services has a federal Office for Civil Rights (OCR), which is responsible for defending HIPAA regulations. As an individual, you can file a complaint about a HIPAA violation, but you don’t have the power to sue for a Privacy Rule violation, as that is a right only granted to the Justice Department.
The Takeaway: What Does HIPAA Mean for You?
It might sound complicated, but what HIPAA means is that you have complete control over your medical information and can choose who you wish to share it with. Your health care provider can’t pass it around unless their right to do so has already been clarified in the documentation.
This means that you can maintain your healthcare coverage between jobs without an employer seeking out more information about your healthcare coverage that you don’t wish to share. It also means that digital copies of your healthcare information are as protected as they can be, meaning your concerns that the hospital will sell your personal information to a third party are unfounded.
While HIPAA is designed to give you peace of mind about how your medical information is used, it’s important to keep in mind that the legislation isn’t exhaustive and that the availability of health information has changed dramatically since the 1990s. To keep your medical information wholly protected, it’s essential to monitor your exposure to outside people and unprotected apps on your smartphone to ensure that you don’t share something you didn’t mean to.