Most people only hear about the Health Insurance Portability and Accountability Act (HIPAA) when filling out forms at their doctor’s office. Even in those instances, they may not know much about what HIPAA (pronounced “hip-ah”) is or how it impacts them.
Perhaps you remember receiving some documents about HIPAA and signing a form the last time you visited your doctor’s office. Most likely this was an acknowledgement form indicating that your doctor provided you with information about your HIPAA health information privacy rights.
Let’s take a look at what HIPAA is and what you need to know about it as a consumer.
What Is HIPAA is Why Was it Established?
HIPAA was passed by Congress in 1996 to protect patient health information and provide the ability for American workers to transfer and continue their health insurance coverage when they change or lose their jobs, among other protections.
Privacy Rule
HIPAA is divided into several titles, one of which is the Privacy Rule. One of the major goals of the Privacy Rule is to establish who can see patient health records and ensure that individuals’ health information is fully protected while still allowing for the flow of information in order to provide patients with quality care. The Privacy Rule applies to a person’s protected health information, whether in written, electronic, or oral form.
Security Rule
Another important title is the Security Rule, which protects individuals’ electronic health information that is created, used, maintained, transmitted, and received by “covered entities” (organizations that are required by law to follow HIPAA regulations).
Who Must Follow HIPAA Laws
Covered entities that fail to comply with HIPAA regulations can face fines and penalties; covered entities include:
Health Plans—This includes health insurance companies, corporate health plans, HMOs, and government programs that pay for health care, including Medicare and Medicaid.
Certain Health Care Providers—Doctors, clinics, hospitals, chiropractors, psychologists, nursing homes, pharmacies, and dentists that transmit information electronically (e.g. sending prescription refill requests or billing your insurance company electronically).
Health Care Clearinghouses—A health care clearinghouse is an entity that transmits information (typically claims and billing information) to another entity in the health care system. For example, a doctor’s office may send the bill for your visit to a health care clearinghouse that will inspect the bill to ensure there are no claim errors before forwarding the bill onto the insurance company for payment. This process reduces errors, resulting phone calls, and excess confusion. Clearinghouses are required to comply with HIPAA regulations to ensure your health information is protected.
Business Associates
“Business associates” of covered entities must also follow some HIPAA regulations. Business associates can include contractors, subcontractors, and other outside companies that are not employees of a covered entity, but that have access to your health information while conducting business with a covered entity.
For example, the billing company that helps your doctor get paid for your recent office visit is considered a business associate. A company that helps administer your health insurance plan or an IT company that maintains your hospital’s database would also be considered business associates. It is the covered entity’s responsibility to establish a contract with their business associates and ensure that your information is used properly and is safeguarded as per HIPAA regulations.
Who Is Not Required to Follow HIPAA Laws
Organizations that are not required to follow HIPAA Privacy and Security Rules include:
- Life insurers
- Employers
- Law enforcement agencies (most)
- Schools and school districts (most)
- State agencies such as child protective services agencies (many)
- Workers’ compensation carriers
What Information Is Protected
- Conversations between doctors and nurses, specialists, and other providers that gets entered into your medical record.
- Information about you in your health insurer’s computer system.
- Billing information about you at your healthcare facility (doctor’s office, clinic, hospital, etc.) provided it is a covered entity.
How Your Information Is Protected
Covered entities are required to put safeguards in place to protect your information and limit the use of your information to only what is necessary for the intended purpose (i.e. billing, transmitting information electronically, etc.). Business associates must also put safeguards in place to protect your information.
What Rights Do I Have Over My Health Information
You have the right to:
- Ask to see your health records and obtain copies of records
- Have corrections added to your health information
- Receive a notice outlining how your information will be used or shared
- Decide whether you want your information used or shared for marketing and other purposes
- Get reports indicating when and how your health information was used or shared
If you believe that you have been denied information to which you are entitled or that your information was used improperly, you can file a complaint with the U.S. government or with your healthcare provider.
HIPAA and the Affordable Care Act (ACA)
HIPAA was a precursor to the Affordable Care Act (ACA) enacted in 2010. HIPAA protects people by ensuring that they can’t be denied access to a healthcare plan if they switch jobs or take a new job that offers group health coverage. The new group plan is allowed to exclude you from receiving benefits for a preexisting condition for up to 12 months (or 18 months in case of late enrollment). HIPAA also mandates that if you had continuous health coverage in the last year with no breaks of longer than 63 days, you may be able to reduce or avoid any preexisting condition exclusions altogether. Note that this applies to group health plans and not individual health plans in California and other states.
Enter the Affordable Care Act: whereas in the past an insurance company could deny a person individual coverage due to a preexisting condition, with the passage of the ACA, the insurance company cannot deny coverage based on a preexisting condition as long as the plan is not grandfathered. For grandfathered plans, the HIPAA rules still apply, giving individuals with preexisting conditions at least some measure of protection.
Consult with an Expert for Help
If you have any questions about HIPAA and how it pertains to health insurance, the experts at Benefit Packages can help. Call us today for answers to all your questions and for a quote on affordable health insurance in California.
For more information or to receive a free quote for health insurance, contact us at https://benefitpackages.com/about-us/contact-us/