The federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) represents a set of rules to protect the confidentiality and security of patients’ health care information, help insurance payments more efficiently and to help streamline health care administrative costs.
One of the major tasks of HIPAA is to ensure that a patient’s privacy remains intact and kept away from unauthorized parties. It consists of a balance of strict rules to protect a patient’s privacy, but also allows the transfer of medical information to other medical providers, should the need occur.
In New York State, they went beyond HIPAA privacy to enact the I-Stop rule, which prohibits certified medical providers from handwriting prescriptions. This not only helps counter the rising opioid epidemic, but also yields more control to a patient’s privacy, as well as helps reduce persecution errors.
All patients or their respective legal representatives must sign a HIPAA release allowing the provider to send out their records. The privacy regulation that covers a patient’s right to the release of their medical information is called the Privacy Rule. There is a separate rule called the Confidential Rule which is directed towards medical professionals, of which they must follow to keep a person’s medical history protected and private.
Providers and medical professionals who don’t adhere the HIPAA rules can be held responsible and accountable with consequences ranging from fees to criminal prosecution.
With the advent of ACA and electronic health records, additional PHI rules have been initiated. Adjustments have been made that add to the policies of HIPAA, such as the Omnibus Final Rule, enacted in 2013, which strengthens the privacy and security of patients’ medical information, also called Protected Health Information, and applies to the electronic transfer of medical records.
The HIPAA policy was and is a sweeping system of PHI rules that not only help to protect patient’s medical rights, but also help to ensure that medical providers don’t’ misuse medical information, whether that would be intentional or non-intentional.