What Is HIPAA? • HIPAA is a law adopted in 1996 to provide standards for health care related electronic transactions • HIPAA mandates federal privacy protections for certain individually identifiable health information, covered under the HIPAA Privacy Rule
HIPAA Privacy Rule • Regulates how medical professionals and other people use and disclose certain individually identifiable health information • Called protected health information (PHI)
What Information Is Protected? • Individually identifiable health information must be kept confidential, including demographic data that relates to: • The individual’s name, address, birth date, social security number, etc. • The individual’s past, present, or future physical or mental health or condition • The health care services provided to the individual • The past, present, or future payment for health care services provided to the individual
Maintaining Confidentiality • Professionals are to take all precautions necessary to keep all individually identifiable health information confidential. • Professionals are not to speak about patients with any identifiable information with anyone other than other professionals working with the patient. • Patient records should not be left in public space unattended, where they are easily accessible to unauthorized people.
Maintaining Confidentiality • Professionals must make reasonable efforts to avoid being overheard and reasonably limit shared information. • Professionals may disclose protected health information to a family member or other person involved when the individual is present during the disclosure. • Professionals are permitted to communicate with patients regarding their health care, including through the mail or by the phone. Messages may be left with family members, on voice mail, etc. with patient consent.
When Health Information Can Be Shared • Providing information needed for payment of benefits or health coverage • Disclosing information to specific agencies as required by public health laws for the purpose of: • Controlling infectious disease • Preventing injury • Preventing child abuse, neglect, or domestic violence • Preventing any serious threat to public health or safety • Complying with workmen’s compensation laws
When Health Information Can Be Shared • Providing information for legal proceedings • Providing law enforcement agencies with information to locate or apprehend fugitives and to identify victims or missing persons • Assisting a person who has been designated as your legal representative if you are unable to make medical decisions on your own (such as if you are under the age of 18)
When Health Information Can Be Shared • Assisting an official agency in the event of a disaster relief effort to notify family members of your condition, status, and location • Assisting coroners or medical examiners to identify a deceased person, determine the cause of death, and perform other functions authorized by law