This put up is a part of a sequence sponsored by AgentSync.
The Well being Insurance coverage Portability and Accountability Act of 1996 (HIPAA) could also be one of the generally referenced medical health insurance legal guidelines, not simply by insurance coverage professionals, however within the on a regular basis lives of most People. Study a bit extra about what it’s, what it does (and doesn’t do), and the way it impacts the insurance coverage trade.
Please learn our discover of privateness practices
Fast! Identify a healthcare regulation that everybody is aware of of, however nobody actually is aware of. If you happen to guessed HIPAA, congratulations, you win! For on a regular basis residents, HIPAA references pop up at every physician’s workplace go to and, extra not too long ago, if a enterprise dares to require proof of COVID-19 vaccine standing for entry or service. Extra on that later, however spoiler alert: A enterprise requiring proof of vaccination to enter, or present companies, doesn’t violate HIPAA.
You’d be onerous pressed to seek out an American grownup who hasn’t heard of HIPAA, or who doesn’t understand it has one thing to do with medical privateness. However the collective data of this 500-page healthcare regulation ends there. And for most individuals, that’s OK. However if you happen to work in insurance coverage, you is perhaps one of many few who really wants to know HIPAA extra than simply superficially. Then once more, HIPAA is so particular to medical health insurance and well being data that it doesn’t apply universally throughout the insurance coverage world, both.
Actually, it’s the Well being Insurance coverage Portability and Accountability Act of 1996. This regulation, signed in 1996 by President Clinton, was the primary regulation to handle the privateness of well being and healthcare data. Even supposing digital medical information barely existed in 1996, HIPAA was forward-thinking and included references to digitization within the medical and medical health insurance area that wouldn’t come for years.
HIPAA gave U.S. residents the proper to count on a point of privateness surrounding that data, significantly on the subject of medical health insurance. It additionally gave us the proper to entry our personal well being data, even when that’s simpler mentioned than accomplished more often than not.
A big a part of the whole HIPAA regulation is what’s often known as the HIPAA Privateness Rule. According to the CDC’s website, “The Privateness Rule requirements deal with the use and disclosure of people’ well being data (often known as “protected well being data”) by entities topic to the Privateness Rule. These people and organizations are known as “coated entities.” The Privateness Rule additionally comprises requirements for people’ rights to know and management how their well being data is used.”
In plain English:
- Your private well being data is taken into account personal, and thus “protected” by the regulation.
- Sure entities (physician’s workplaces, hospitals, and medical health insurance firms, amongst others) are topic to the Privateness Rule.
- You even have the proper to know and management how your protected well being data is used, together with who it’s shared with.
What does HIPAA do?
Merely put, HIPAA required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The regulation gave accountability for enforcement to the Division of Well being and Human Companies (HHS)’s Workplace for Civil Rights.
HIPAA additionally laid out legitimate causes for when protected well being data utilized by any coated entity could also be shared or disclosed. The ultimate regulation was over 500 pages, so that is clearly, and essentially, a really abridged model of the regulation! If you happen to’re an even bigger insurance coverage nerd than we’re, you’re welcome to read the full text of the law here!
Additionally, if HIPAA is central or tangential to your work, take into account it is a condensed overview, not authorized steerage or due diligence. If you happen to want authorized recommendation, seek the advice of an lawyer.
What does HIPAA not do?
The quick reply is, “rather a lot.” As you’ve realized by now, HIPAA applies to a really particular set of coated entities. A restaurant or bar just isn’t a coated entity. An airline just isn’t a coated entity. Thus, personal companies that ask patrons to reveal their COVID-19 vaccination standing to be able to enter or to be served usually are not topic to HIPAA and usually are not in violation of it.
As well as HIPAA additionally doesn’t cowl:
- “Protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g.”
- De-identified well being data, when medical data is totally separated from personally identifiable particulars concerning the human it got here from. For instance, a big checklist of ages, heights, and physique weights wouldn’t be protected if there’s no title, deal with, Social Safety quantity, or different figuring out data that might hyperlink the well being information with a selected particular person.
Who’s required to comply with HIPAA?
HIPAA created customary definitions for forms of companies and entities which are topic to its privateness rule. These embrace:
- Healthcare suppliers
- Well being plans (together with Medicare, Medicaid, long-term care, and others–with a couple of exceptions)
- Healthcare clearinghouses
- Enterprise associates (outlined as an individual or group apart from an worker of a coated entity who’s utilizing protected well being data to carry out companies for a coated entity)
That’s mainly it. So once more, your uncle just isn’t topic to HIPAA at a household dinner. Your neighbor’s bar or restaurant can be not topic to HIPAA. Your native grocery retailer, movie show, and place of employment (almost certainly!) usually are not topic to HIPAA.
If, and provided that, you’re one of many above entities or a “enterprise affiliate” of 1, are you and your organization required to adjust to HIPAA.
Why is HIPAA necessary?
Affected person privateness is one thing most of us would agree is a crucial proper. Previous to 1996, nonetheless, this wasn’t essentially the case. It actually wasn’t assured or legally enforced.
Why HIPAA is necessary for the healthcare and medical health insurance trade
Despite the fact that 1996 is hardly what we consider as “the digital age” nowadays, HIPAA was really forward-thinking for its time. It launched some essential ideas that might be key because the trade moved from paper information to digital well being information.
HIPAA standardized how well being information have to be collected and guarded, and enforced a nationally acknowledged set of codes and identifiers. Very similar to the transfer to structured information in different industries, HIPAA necessities assisted the healthcare trade in transferring towards a digital future the place well being data is shared between sufferers, medical doctors, clinics, insurance coverage firms, and different entities each day with an emphasis on privateness.
Why HIPAA is necessary for sufferers
For sufferers, HIPAA is especially vital. All of the extra in order medical information have moved into the digital age, making them topic to data safety breaches. Previous to the enactment of HIPAA, it’s probably that “coated entities” weren’t usually deliberately exposing private affected person data in unscrupulous methods, however there was no assure (nor had been there government-enforced penalties).
HIPAA was the primary regulation of its form to create guidelines surrounding the storage and sharing of private well being data. It mandated a strict customary of knowledge safety controls for any organizations coping with such data. Plus, with legal guidelines in place, there are precise penalties for noncompliance.
HIPAA additionally empowered sufferers to take extra management over their healthcare by permitting them to entry their information for the aim of being extra knowledgeable about diagnoses and coverings, in search of extra medical enter from completely different suppliers, and even checking their information for errors. Earlier than HIPAA, healthcare organizations and medical health insurance firms weren’t required to adjust to any affected person’s request to entry their very own medical information.
How does HIPAA affect the insurance coverage trade?
For a lot of property and casualty insurance coverage carriers, brokers, brokers, and different insurance coverage companies, it actually doesn’t. For the overwhelming majority of the insurance coverage trade – those that don’t take care of life, well being, accident, incapacity, or associated merchandise – HIPAA doesn’t apply.
For these producers who’re dually licensed, for insurance coverage carriers that deal in well being and life, and for any insurance coverage professionals who come into contact with protected health information in the middle of doing enterprise, HIPAA is a priority and a regulation that requires compliance.
HIPAA may also affect employers who sponsor health insurance coverage for his or her workers. This implies it’s one thing worker profit brokers must additionally take note of and alert their purchasers about.
Within the quarter century since HIPAA was first signed into regulation, it’s grow to be a reasonably family title (as healthcare legal guidelines go!) however that doesn’t imply it’s easy or straightforward to know. If you happen to’re within the medical health insurance enterprise, HIPAA is only one of many insurance coverage trade laws it’s a must to take note of and you’ll want to adjust to. And it is best to get professional counsel in doing so.
Whereas AgentSync can’t aid you there, we will positively preserve compliance on monitor to your non-HIPAA wants, akin to producer onboarding and lifecycle administration. See AgentSync in action today.