HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. The purpose of HIPAA compliance is to ensure the security of health information in medical spaces. Patients have the right to confidentiality of their health information, and this right is enforced through 5 rules under HIPAA.
Privacy Rule
The privacy rule is implemented to protect the Personal Health Information (PHI) of a patient or client. This means that, without the authorization of the client, there are limits and conditions on what can be disclosed or used from their medical record.
Security Rule
The security rule regulates the standards, methods and procedures for the protection of PHI online. There are three stages to security. Administrative security allows for safeguarding encryption and authentication methods to control data access. Physical security protects electronic systems and equipment within your studio, and risk protection analyses risk management protocols.
Transactions Rule
The transactions rule deals with the transactions and code sets used in HIPAA transactions. These codes must be used correctly to ensure the safety, accuracy and security of medical records and PHI.
Identifiers Rule
HIPAA has different identifiers for HIPAA financial and administrative transactions. HIPAA mandates that health care providers have a National Provider Identifier (NPI) number that identifies them on their administrative transactions. There are three identifiers:
- National Provider Identifier (NPI)
- National Health Plan Identifier (NHI)
- Employer Identification Number (EIN)
Enforcement Rule
The enforcement rule deals with the penalties for any violations of the HIPAA rule. There are five major areas covered in this rule:
- Application of HIPAA privacy and security rules
- Establishing mandatory security breach reporting requirements
- Accounting disclosure requirements
- Restrictions on marketing and sales
- Restrictions that apply to any business associate or covered entity contracts. These contracts must be implemented before they can transfer or share any PHI or ePHI.
HIPAA Breach Notification Rule
The HIPAA Breach Notification rule sets the national standard to follow in case of a data breach that has compromised patient records. All business associates and covered entities must report any breaches of their PHI, regardless of size, to Health and Human Services.