All healthcare staff receive extensive training on the Health Insurance Portability and Accountability Act to ensure a thorough understanding and proper implementation in the workplace. However, though the act has direct impacts upon patients, few will have even heard of it. Here, we aim to explain what HIPAA is, how it is used in the healthcare environment and why it is important for patients.

HIPAA was introduced in 1996 to ease the transfer of health insurance plans between employers when a worker moved jobs. However, it also legislates on a wide range of data privacy issues. HIPAA was set up to protect patient data and ensure that no data was shared with unauthorized individuals or without the necessary consent. This is important, as sharing such information is unethical and leaves individuals vulnerable to fraud.

There are a number of “rules” associated with HIPAA that help to protect against data breaches. The Privacy Rule defines what information is to be protected (“protected health information”, or PHI) and stipulates that it must not be shared beyond what is necessary to carry out specific health-related tasks. The Security Rule outlines how PHI is to be protected in the form of three different types of safeguards (administrative, technical and physical), all of which must be implemented to protect patient data. These safeguards are varied in their means of protection: administrative safeguards include measures such as regular risk assessments, whilst technical safeguards include things such as password protections and encryption. Physical safeguards usually relate to the actual workplace and include things like clearing desks or having key-card access to restricted areas.

There are other rules, too, which relate to the enforcement of HIPAA and what happens when a breach of data occurs. These are also important, as they can act both as “damage control” if something goes wrong and as deterrents for those tempted to ignore HIPAA. The Office for Civil Rights, which oversees HIPAA enforcement, regularly issues fines or corrective action plans if it becomes aware of a HIPAA violation.

Aside from the right to privacy, HIPAA also awards rights to the patient concerning their access to data. HIPAA gives patients the right to access all of their health data, regardless of whether they have outstanding health bills. Patients need only request their data from their healthcare provider, who must act on the requests as soon as possible. The data must be made available to patients by whatever means they find convenient (electronic or hard-copy) and can be sent to whomever the patient wishes – including other healthcare professionals. The patient also has the right to submit an amendment to their healthcare records if they believe there is a mistake. Though this must be approved by a healthcare professional, any disagreements can also be noted on the form.

Thus, it can be seen that patients get a lot of benefit from HIPAA. From the right to privacy to the right to access their health data, HIPAA works to protect patients’ data rights throughout the healthcare sector.

Published by Calida Jenkins