Hipaa Privacy Rule

Privacy Rules 1

Abstract

The wisdom of the HIPAA Privacy Rules was to create national standards to protect the

privacy of personal health information. This Rule took effect in April, 2003 and provides

protections to every patient whose information is collected, used or disclosed by covered entities.

The paper will provide information on HIPAA's Privacy Rules, the effect on medical providers

and patients. Also, it will give recommendations on how to improve the implementation of this

Rules.

Privacy Rules 2

BACKGROUND

"HIPAA" is an acronym for the Health Insurance Portability & Accountability Act

of1996 (August 21), Public Law 104-191, which amended the Internal Revenue Service

Code of 1986. Also known as the Kennedy-Kassebaum Act, the Act includes a section,

Title II, entitled Administrative Simplification. To improved the efficiency in healthcare

delivery by standardizing electronic interchange. To improve protection of

confidentiality and security health data through setting and enforcing standards.

More specifically, HIPAA called upon the Department of Health and Human Services

(DHHS) to publish new rules that will ensure standardization of electronic patient health,

administrative and financial data, unique health identifiers for individuals, employers,

health plans and health care providers and security standards protecting the confidentiality

and integrity of "individually identifiable health information," past, present or future. (HIPAA,

2005)

Who is covered by HIPAA?

Health Plans Ð'- This includes individual or group health plans that provide or pay the cost of

medical care, and includes, among other federally funded health plans, the Medicare and

Medicaid programs. Certain other government-funded programs are excluded from

the definition of health plan.

Health Care Providers Ð'- This includes any provider who transmits any health

information in electronic form in connection with the transactions covered in the rules.

Health Care Clearinghouse Ð'- This includes entities that process or facilitate the processing of

health information received from other entities in a nonstandard format into a standard format or

Privacy Rules 3

transaction. This could include for example a billing service.

INTRODUCTION TO PRIVACY RULE

While 85% of consumers believe privacy of medical information is "absolutely essential"

(Maradiegue, 2002), it is estimated during a patient's typical hospital stay over 400 people are

likely to see all or parts of the patient's medical record (Davis, 2001). Sensitive to the lack of

patient privacy, Congress enacted HIPAA in 1996, but failed to pass legislation pertaining to

medical privacy. HIPAA therefore required the DHHS to create and implement a national set of

privacy rules, known as the Administrative Simplification Standards, to: (a) improve the

efficiency and effectiveness of the health care system; (b) create national standards to protect

patients' personal health information; and (c) provide patients increased access to their medical

records (Helwig, 2002).

DHHS first issued the Privacy Rules in December 2000. Due to thousands of suggestions and

comments, it subsequently made changes to address obstacles that would have had the effect of

blocking patients' access to quality care. For example, the previous rules would have posed

barriers to health care by requiring the sick patient to personally visit a pharmacy to sign

paperwork before a pharmacist could review the patient's medical information to fill

prescriptions (DHHS, 2002). Under the final version of the Privacy Rules, HIPAA allows a

pharmacist to use protected health information that is telephoned in by a patient's physician.

Furthermore, the DHHS received over 11,000 public comments on the proposed modifications

issued in March 2002. Incorporating the public concerns and suggestions, the DHHS adopted

changes to form the final version of the Privacy Rule on August 14, 2002.

Privacy Rules 4

DHHS PRIVACY RULE STANDARDS

The shift of medical records from paper to electronic formats has increased the potential for

individuals to access, use, and disclose sensitive personal health data. Although protecting

individual privacy is a long-standing tradition among health-care providers and public health

practitioners in the United States, previous legal protections at the federal, tribal, state, and local