HIPAA Regulations - What Healthcare Workers Need To Know in 2022

January 11, 2022

No matter what area of healthcare they work in, most healthcare professionals have heard of HIPAA. HIPAA rules are an integral part of the U.S. healthcare system that nurses first learn about in nursing school.

HIPAA is the federal law that requires every healthcare worker to keep sensitive patient information confidential.

But there's more to HIPAA than the rules around sharing private patient data. HIPAA not only ensures an individual's right to medical privacy; it also outlines national standards for security, rule enforcement, and insurance administration. Keep reading to find out the latest HIPAA regulations and digital privacy standards that healthcare professionals should know.

What is HIPAA and How Did It Start?

Let's review where HIPAA started.

The Health Insurance Portability and Accountability Act, or HIPAA, became law in 1996. There were several purposes to this law. It aimed to address issues surrounding health insurance coverage for people between jobs. It was also meant to decrease fraud and waste in healthcare and health insurance. HIPAA's overall goal was to make the entire healthcare system in the U.S. more efficient and effective. 

Congress soon recognized the need to protect patients' private data as technology evolved. So, HIPAA included privacy protections and national standards for health care transactions and security, such as the HIPAA privacy rule.

What Does HIPAA Protect?

The Privacy Rule came about in the early 2000s. It meant that the U.S. now had national standards surrounding the use and protection of health information. 

In short, the Privacy Rule ensures there are limits on how protected health information, or PHI, can be used and shared. This could include chart notes and test results, even medical bills. Anything can be PHI if it's health-related and you can tell who it belongs to. 

Who Has to Follow HIPAA Regulations?

"Covered entities" refers to those who must follow HIPAA rules and medical regulations. Covered entities include health insurance companies and other health plans, healthcare providers, and pharmacies. Anyone else who has access to PHI in order to help them must also follow HIPAA, for example IT personnel or companies that store medical records.

New HIPAA Regulations and the Digital Age

Throughout the years, there have been a few changes to HIPAA to streamline healthcare and better protect patients. Here are a few of the more recent changes to keep in mind:

The Final Omnibus Rule, the last major change to HIPAA itself, was made in 2013. It detailed the encryption standards needed to protect PHI if a data breach occurs. Under this rule, mobile devices also need to meet security requirements. Healthcare professionals should be aware of their facility's regulations on using mobile devices for any type of work.

The Right of Access Initiative aims to allow patients timely access to their medical records when requested. It also provides some guidelines on how covered entities can require patients to request their records. For example, a doctor's office can require patients to complete a written form or give options to request electronically. Also, covered entities can't make the process too hard for the patient. For instance, a medical office can't require someone to use an electronic portal if they don't want to. 

Telehealth has been increasingly used, especially throughout the pandemic. It's not surprising — being able to have a remote consultation is very safe and convenient. However, HIPAA rules and medical laws still apply to telehealth visits. Providers may treat anyone by telehealth, but appointments need to be held in a private space. 

And telehealth can't be conducted on just any platform. To be HIPAA compliant, telehealth visits need to be on a "non-public facing" remote communication tool, which basically means a platform where only the provider and patient can access the conversation. Zoom, Skype, and Apple FaceTime are examples of acceptable telehealth tools.

Other HIPAA Considerations 

New HIPAA regulations are on their way in 2022. The Department of Health and Human Services (HHS) has proposed several modifications. These updates may allow patients to look at their PHI in person and take notes or pictures of their PHI. The proposals would include measures to streamline record-sharing between providers. Overall, the changes aim to make it easier for patients to get their PHI and reduce administrative burdens.

Healthcare professionals are constantly learning new things. Without a doubt, they'll see many excellent advances in technology and healthcare over time. No matter what form patient information takes, protecting it requires vigilance and professionalism. By staying updated on medical laws like HIPAA, healthcare workers are more equipped to work in the ever-evolving world of healthcare. 

