Introduction to HIPAA and Understanding Basic Terminology
Welcome to Focusing on HIPAA Compliance! In this program, we will be reviewing the Health Insurance Portability and Accountability Act of 1996 and we will help to give you an understanding and an overview of what HIPAA is, who HIPAA affects, and why HIPAA was developed. Once you understand the basics, we will be reviewing the rules and regulations, as well as the safeguards required and recommended to keep you, your practice, and your patients’ information safe. We will also review the use and disclosure guidelines put into place, and the potential consequences of a HIPAA violation. At the end of this program, we will provide you with resources to reference, sample forms, and a certificate of completion. The objectives of this program are to provide you with the fundamentals, educate you on the importance, discuss the consequences, and provide you with resources. It’s important to understand that an annual review of HIPAA is required of every healthcare employee, and the fundamentals and safeguards set within the law are crucial to protecting your practice and patient information. If you find that you need to reference or research further, the best resource will be the Department of US Health and Human Services. You can reach them at www.hhs.gov.
So, what exactly is HIPAA? HIPAA is the Health Insurance Portability and Accountability Act, which was signed into law by President Bill Clinton in 1996. HIPAA is a federal law that required the government to create nationwide standards to protect patient health information from being disclosed unless the patient gave direct consent. Although HIPAA was signed into law in 1996, details of HIPAA were yet to be determined by Congress and the Secretary of Health and Human Services. It also continues to evolve.
Let’s review some of the common terms you will come across when referring to HIPAA. These include:
- Protected Health Information (PHI)
- Electronic Protected Health Information (ePHI)
- Covered Entity (CE)
- Business Associate (BA)
- Business Associate Agreement (BAA)
- Notice of Privacy Practices (NPP)
Protected Health Information is commonly referred to as PHI. This includes any information that is personally identifiable to the patient. This includes the patient’s name, address, date of birth, telephone number, fax number, social security number, email address, medical record number, health plan identification number, account number, and driver’s license number.
Electronic Protected Health Information is commonly known as ePHI. This refers to any Protected Health Information, or PHI, that is covered under HIPAA security regulations and is produced, saved, transferred, or received in an electronic form.
A Covered Entity is also known as a CE. Covered Entities include healthcare providers, health insurance plans, and healthcare clearinghouses. Covered Entities are those that are required to follow the rules and standards of HIPAA.
A Business Associate is referred to as a BA. This is any organization that may have been hired to handle PHI on behalf of a CE or another Business Associate. Business Associates include practice management firms, IT companies, data storage, and managed service providers. In our industry, for example, Williams Group, CSEye, Solutionreach, or Weave would all be considered a Business Associate of a practice.
A Business Associate Agreement, referred to as a BAA, is a written arrangement that specifies each party’s responsibilities when it comes to protecting PHI. Covered Entities must only work with Business Associates that are able to assure complete protection of PHI.
And last, the Notice of Privacy Practices, also known as the NPP. This is the statement that all Covered Entities must provide to patients or individuals and which, under the Privacy Rule, must also cover certain elements of the practice. We will be touching on this in more detail later in this program.
So, who does HIPAA affect? Both patients and Covered Entities are affected by HIPAA. As we discussed earlier, Covered Entities include your health plans, healthcare providers, and healthcare clearinghouses. HIPAA protects the PHI of the individuals or consumers of their services.
Why? Well, let’s review the background and history of HIPAA. The essence of HIPAA first made its appearance when it was determined that the industry of medical care would become more efficient by introducing and creating electronic health records. HIPAA was originally developed to:
- Help modernize the flow of healthcare information
- Solve issues regarding health care coverage and provide continuing health care for people in between jobs
- Reduce healthcare fraud and protect patient information
- Update standard guidelines for managing healthcare data and personal information