Health Insurance Portability and Accountability Act (HIPAA)

From Clinfowiki
Revision as of 14:56, 18 October 2011

The Health Insurance Portability and Accountability Act (HIPAA) sets national minimum privacy and security requirements for protected health information (PHI), the individually identifiable health data held by covered entities. Its Administrative Simplification provisions also standardize electronic transactions, which encourages electronic data interchange among different electronic medical record systems.

History

On August 21, 1996, the United States Congress enacted the Health Insurance Portability and Accountability Act (HIPAA). It is also known as the Kennedy-Kassebaum Act, after its Senate sponsors.

Purpose of HIPAA

The purpose of HIPAA is to improve the efficiency, effectiveness, and security of the national health system.

  • Increase efficiency: standardized electronic transactions reduce paperwork for healthcare providers and payers.
  • Reduce fraud and abuse: an electronic audit trail makes fraud detection and prosecution easier.
  • Portability: workers and their families can keep or transfer health insurance coverage when they change or lose jobs (Title I limits pre-existing condition exclusions in group plans).
  • Security: safeguards for patient health information and enforceable patient rights over that information.
  • Accountability: covered entities are responsible for protecting the integrity, confidentiality and availability of health data, with penalties for violations.

Security standards

Security refers to the ability to control access to information and to protect it from unauthorized disclosure, alteration, or loss; the HIPAA Security Rule states this as preserving the confidentiality, integrity and availability of electronic PHI (ePHI).

To comply with the security standards, a covered entity (the obligation rests on the organization, not merely on its electronic medical record (EMR) software) must have written, comprehensive security policies; access controls; control over the physical environment; workforce clearance procedures; and a record of all access authorizations. The Security Rule groups these requirements into administrative, physical, and technical safeguards, and requires audit controls that record activity in systems containing ePHI.

The Privacy Rule

The Privacy Rule defines the minimum Federal standards for protection of patient data by a covered entity for research and other purposes. It specifies who is a Covered Entity (health plans, health care clearinghouses, and health care providers that transmit health information electronically), what protected health information (PHI) is, and the conditions under which PHI can be used or disclosed.

In general, there are three ways that PHI can be distributed by a Covered Entity under the Privacy Rule. The first is by the creation of De-Identified Patient Data. In theory this process removes all individually identifying information from the patient record, so the data can be used for research or commercial purposes without any ability to link the information back to a particular person. In practice this has not been completely successful: records stripped of names and identification numbers have been re-identified by linking the fields that remain, such as ZIP code, birth date and sex, against public datasets like voter rolls that carry the same fields together with names.
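The following is an added example, not code from the original article, showing why stripping direct identifiers is not enough and how the Safe Harbor generalizations (the first three ZIP digits only, dates reduced to the year, from 45 CFR 164.514(b)(2)) narrow the attack without eliminating it. All patient and voter records are constructed for the illustration; the field names, the voter-roll layout and the subset of Safe Harbor rules implemented are assumptions of this example.

```python
"""Added example (not part of the original article): a linkage attack on
'de-identified' patient data, and how Safe Harbor generalization narrows it.

All records below are constructed for illustration; no real patients or voters.
The field names, the voter-roll layout and the subset of Safe Harbor rules
applied (drop direct identifiers, keep only the first three ZIP digits, reduce
dates to the year) are assumptions of this example."""
from collections import Counter

# Constructed patient extract: direct identifiers, quasi-identifiers, clinical data.
PATIENTS = [
    {"name": "Alice Example", "ssn": "123-45-6789", "zip": "02139", "dob": "1957-07-14", "sex": "F", "diagnosis": "hypertension"},
    {"name": "Bob Sample",    "ssn": "987-65-4321", "zip": "02139", "dob": "1962-03-02", "sex": "M", "diagnosis": "diabetes"},
    {"name": "Carol Test",    "ssn": "555-11-2222", "zip": "02140", "dob": "1957-07-14", "sex": "F", "diagnosis": "asthma"},
    {"name": "Dan Demo",      "ssn": "444-33-1111", "zip": "02139", "dob": "1990-11-30", "sex": "M", "diagnosis": "asthma"},
]

# Constructed public dataset (a voter roll is the classic real-world source):
# names plus the same quasi-identifiers, legally obtainable by an attacker.
VOTERS = [
    {"name": "Alice Example", "zip": "02139", "dob": "1957-07-14", "sex": "F"},
    {"name": "Bob Sample",    "zip": "02139", "dob": "1962-03-02", "sex": "M"},
    {"name": "Carol Test",    "zip": "02140", "dob": "1957-07-14", "sex": "F"},
    {"name": "Dan Demo",      "zip": "02139", "dob": "1990-11-30", "sex": "M"},
    {"name": "Eve Other",     "zip": "02139", "dob": "1990-11-30", "sex": "M"},
]

DIRECT_IDENTIFIERS = ("name", "ssn")   # two of the 18 Safe Harbor identifiers
QUASI_IDENTIFIERS = ("zip", "dob", "sex")


def naive_deidentify(records):
    """Strip direct identifiers only. ZIP, full birth date and sex survive,
    which is the mistake the linkage attack below exploits."""
    return [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS} for r in records]


def generalize(record):
    """Safe Harbor generalization of quasi-identifiers: 3-digit ZIP, year only.
    (Safe Harbor additionally requires ZIP '000' for 3-digit areas with
    20,000 or fewer people and aggregating ages over 89; omitted here.)"""
    g = dict(record)
    g["zip"] = g["zip"][:3]
    g["dob"] = g["dob"][:4]
    return g


def safe_harbor_deidentify(records):
    """Strip direct identifiers and generalize the quasi-identifiers."""
    return [{k: v for k, v in generalize(r).items() if k not in DIRECT_IDENTIFIERS}
            for r in records]


def quasi_key(record):
    return tuple(record[f] for f in QUASI_IDENTIFIERS)


def link(deidentified, public, public_transform=lambda r: r):
    """Linkage attack: match each released record to the public records that
    share its quasi-identifiers. The attacker applies the same generalization
    to the public data, so generalized releases remain comparable.
    Returns a list of (diagnosis, set of candidate names)."""
    index = {}
    for p in public:
        index.setdefault(quasi_key(public_transform(p)), set()).add(p["name"])
    return [(d["diagnosis"], index.get(quasi_key(d), set())) for d in deidentified]


def reidentified(matches):
    """{name: diagnosis} for every released record with exactly one candidate."""
    return {next(iter(names)): dx for dx, names in matches if len(names) == 1}


def k_anonymity(records):
    """Size of the smallest group sharing a quasi-identifier combination (the k
    of k-anonymity). k == 1 means at least one record is unique in the release."""
    return min(Counter(quasi_key(r) for r in records).values())


if __name__ == "__main__":
    naive = naive_deidentify(PATIENTS)
    print("naive: k =", k_anonymity(naive),
          "re-identified:", reidentified(link(naive, VOTERS)))
    sh = safe_harbor_deidentify(PATIENTS)
    print("safe harbor: k =", k_anonymity(sh),
          "re-identified:", reidentified(link(sh, VOTERS, generalize)))
```

On the constructed data the naive release lets the attacker name three of the four patients, while the Safe Harbor release still exposes one (the only man born in 1962 in the 021 ZIP area); both releases have k = 1, which is the signal a reviewer should look for before approving a data set as de-identified. Reaching k >= 2 would require further generalization or suppression of the unique record, which is the kind of analysis the Privacy Rule's alternative "expert determination" method demands.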

The second method is to obtain a written authorization from the patient permitting the Covered Entity to release their PHI for the stated purpose. [1]

Lastly, an Institutional Review Board (IRB) or a Privacy Board can waive or alter the authorization requirement, allowing use of Protected Health Information (PHI) in specific situations for certain types of research.

References

[1] Data Privacy Lab, Identifiability project: http://dataprivacylab.org/projects/identifiability/index.html

[2] NIH, Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule: http://privacyruleandresearch.nih.gov/pdf/HIPAA_Privacy_Rule_Booklet.pdf