| |
About HIPAA
Some Basic Information:
HIPAA stands for the Health Insurance Portability and Accountability
Act. It is a federal regulation that protects the privacy
of a patient’s healthcare information. Electronic transaction
regulations took effect in October 2002 and the privacy component
of HIPAA in April 2003.
Key Terms and Concepts:
PHI - PHI stands for Protected
Health Information. This includes any information that can
identify a particular individual with a particular health
condition.
IIHI – IIHI stands for
Individually Identifiable Health Information. This also includes
PHI plus any other identifying information about an individual
that could be connected with a person’s condition or
with their particular healthcare facility. IIHI can include
email or URL, patient identifier number such as the account
number or a medical record number, a finger print, voice print,
or other biometric form of identification. A patient’s
signature is also considered IIHI.
Covered Entity (CE) - This is
the facility where the patient is seen. Any health care provider
conducts electronic transactions is considered a Covered Entity
for HIPAA purposes.
Business Associate (BA) - A Business
Associate is any business or individual that provides a service
to the Covered Entity to help him process or maintain the
PHI. The BA must have a specific contract identifying how
the policies and procedures of the BA will help to protect
and keep confidential the PHI violation when in their custody.
Chain of Trust - This is a pattern
of documentation required by HIPAA to link PHI to whoever
has had access to it for a period not less than six (6) years.
Important Deadlines:
Section 1175(b)(1)(A) of HIPAA requires all covered entities
other than small health plans to comply with a standard or
implementation specification “not later than 24 months
after the date on which an initial standard or implementation
specification is adopted or established” (April 21,
2005); Section 1175(b)(1)(B), however, provides that small
health plans must comply not later than 36 months after that
date (April 26, 2006). Small health plans are companies that
meet the definition of a small business, under the Small Business
Association's rules, w/ annual receipts of less than $5 million. |
| |
| |
