Ask the doctor


HIPAA and privacy guide 101

HIPAA has led to sweeping changes to healthabout how their personal information will be
care administration and information systemsused. The 'protected health information'
as health care organizations struggle to(PHI) indicates that the information cannot
achieve cost-effective compliance by 2003.be used for marketing purposes without the
The US Congress enacted the Health Insuranceclear consent of the patients in question.
Portability and Accountability Act or HIPAAPeople should be able to ask their covered
in 1996. The act covered a wide array ofentities (which maintain PHI about them), to
issues surrounding the health insuranceensure that their communications with the
industry but in particular it requiredpatient are confidential. It should be
administration simplification, whichpossible for people to file formal
addressed the issue of security and privacyprivacy-related complaints to the Department
of  health  information.of Health and Human Services (HHS) Office for
Civil Rights. Covered entities should
HIPAA is designed to standardize the way alldocument their privacy procedures, however,
health care organizations electronicallythey have discretion on what to include in
exchange sensitive patient data and totheir privacy procedure. They are required to
protect patients from unauthorized disclosuredesignate a privacy officer and train their
of their medical records (whether paper oremployees. Covered entities can use an
electronic). HIPAA outlined standards toindividual's information without the
improve the nation's health care system byindividual's consent if the purpose is to
incorporating electronic data exchangeprovide treatment, obtain payment for
between health care providers. The idea ofservices and to perform the non-treatment
course was to allow various health providersoperational tasks of the provider's business.
to access the records of a particularSome of the agencies, government bodies and
patient. So, when a patient visits a newindividuals who can access the medical
hospital, the covering doctor can access thatrecords of a person under HIPAA compliance
patients past record and in so doing providerules are the insurance companies, employers,
him with better care. However, as one couldcourts, hospitals, or individual physicians.
envisage, this raised a great number ofThis is also considered as a downside of the
apprehensions with respect to the privacy andHIPAA Privacy rule because sponsors of a
confidentiality of people's medical records.research study; makers of drugs for the
So the legislature created a fundamental listparticular study and the researchers involved
of rules and regulations with which healthin  the  study  are  included  in  this list.
care providers must comply. And the creation
of these rules and regulations gave birth toHowever, the ultimate objective of HIPAA is
the industry that is called HIPAA Compliance.to increase the efficiency and effectiveness
of health information systems through
To ensure HIPAA compliance, there are certainimprovements in electronic health care
key provisions, which need to be followed.transactions as well as to maintain the
For instance, individuals should be able tosecurity and privacy of individually
access their records and request correctionidentifiable health information.
of errors. Also, they should be informed



1 A B C D E F 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136