It’s 10pm on Thursday night. You sit down to watch the latest episode of ‘ER’. As the camera pans over the duty desk and around the Emergency Room you notice stacks of patient records and charts lying out in the open, accessible to any staff member, whether medical or janitorial. HIPAA compliant? Certainly not. Hollywood? Actually, no.
What is HIPAA?
The Health Insurance Portability and Accountability Act, H.R. 3103 (known previously as the Kennedy-Kassebaum Bill), passed with a nearly unanimous vote of the 104th Congress on August 2, 1996, and was signed into law (P.L. 104-191) on August 21, 1996. It consists of several parts, including a section called "Administrative Simplification" that was designed to reduce administrative costs by standardizing electronic transactions and code sets. "Administrative Simplification" also contains requirements to protect the privacy and security of Protected Health Information (PHI). The regulation defines PHI as individually identifiable health information relating to the past, present or future health of an individual, the health care provided to that individual, or payment for the health care provided to that individual; information that cannot be tied to a person is not PHI.
Under the security standards of HIPAA, health insurers, certain health care providers and health care clearinghouses must establish procedures and mechanisms to protect the confidentiality, integrity, and availability of electronic protected health information. Health plans, health care clearinghouses, and those health care providers who conduct the regulated transactions electronically are the "covered entities" and must comply. To a lesser degree, employers and business associates of covered entities are also affected. The rule requires covered entities to implement administrative, physical, and technical safeguards to protect electronic health information in their care.