
The Health Insurance Portability and Accountability Act (HIPAA) was issued by the United States Government in 1996. HIPAA Compliance is a set of laws and protocols that ensure the protection of private information stored by healthcare clinics or hospitals on networks. Firms that deal with electronic protected health information (ePHI) and Individually Identifiable Health Information (IIHI) have to follow the terms and regulations standardized by HIPAA compliance, with the aim of protecting the privacy of patients.

Application of the HIPAA Compliance

It applies to the Information Technology (IT) or other departments that handle or have access to the PHI of patients for:

Covered Entities:

  • Health Plans: these include an individual or a group plan, sponsored by government, church, multi-employer, or employer, that ensures the cost of medical care. The exceptions are a group health plan with fewer than 50 participants that is supervised by the employer, the food stamps program, community health centers, automobile insurance, property and casualty insurance, and entities that provide only workers’ compensation.

  • Health Care Providers: these include every health care provider that uses electronically connected networks to convey health information. The HIPAA transaction rule applies only to entities that use standard transactions such as electronic transmission, billing services or other third-party services as entailed in the HIPAA Act, and not to entities that use only email to connect digitally.

  • Health Care Clearinghouses: these include any entity that facilitates the processing of non-standard data into the standard data format and vice versa. Only a certain portion of the compliance rule is imposed on these entities, as they receive health information only during processing. It is imposed on entities such as billing services, repricing companies, and community health management information systems.

Business Associates:

  • Business Associate Defined: these are the third parties that provide a certain form of service to the covered entities that requires the disclosure of IIHI. The services provided by these business associates are restricted to accounting, legal, actuarial services, et cetera.

  • Business Associate Contract: a clause providing a certain level of information protection must be added to the business associate agreement when covered entities source business associate services from contractors or other non-workforce members.

Protected Information Covered Areas

  • Protected Health Information: this includes any information that is related to a patient’s medical history, healthcare provision, health status, parts of medical payment or any payment created or paid to covered entities.

  • De-Identified Health Information: this is medical information stripped of any identity proof or data that can be used to identify an individual.

Leniency in Regards of Public Interest

  • Required by law: a covered entity may reveal the PHI data if it is demanded by the law.

  • Judicial and administrative proceedings: covered entities have to reveal PHI if it is ordered by a court of law, subpoenas, or other legal methods.

  • Law enforcement purposes: entities may reveal PHI data to law enforcement when

      • it is required by law,
      • it helps identify and locate suspects, victims or missing people,
      • it notifies the law regarding the deaths of suspects,
      • it identifies victims,
      • the data is evidence of a crime,
      • a medical emergency needs the attention of law enforcement.

  • Victims of abuse, neglect and domestic violence: the covered entities are allowed to reveal PHI to authorities in favor of safeguarding the interests of victims.

  • Decedents: covered entities are allowed to disclose information to coroners and funeral directors for identification of the person or the cause of death.

  • Health oversight activities: entities can reveal PHI to health oversight agencies for auditing and investigating the healthcare system and governmental programs.

  • Public health activities: covered entities have to reveal PHI to

      • health authorities that are authorized by law to collect and receive data to prevent medical mishaps or epidemics,
      • entities subject to the Food and Drug Administration (FDA), for adverse reporting,
      • the employer, to help them abide by the state laws that provide workers’ compensation,
      • authorities, regarding the exposure of an individual to a harmful communicable disease or other ailments.

  • Donation of cadaveric organs and tissues: covered entities are allowed to reveal PHI of the donors to safeguard the interests of the prospective receivers.

  • A serious threat to health safety: entities may reveal the information in times of public emergency regarding a health issue or to prevent or lessen the effects of illness on an individual.

  • Research: covered entities are allowed to reveal data without an individual’s authorization for research that contributes to general knowledge.

  • Workers’ compensation: covered entities can reveal PHI to assess the full extent of the damage or illness a worker has suffered under the employment of a company, so that the worker can be reimbursed in the form of compensation.

