HIPAA Training – Part II


The Health Insurance Portability and Accountability Act of 1996 was a United States federal law enacted by the 404th United States Congress and signed by President Bill Clinton on Aug. 21, 1996. The Act is also known as HIPAA. The primary purpose of this Act is to provide protection to individuals who need access to affordable healthcare. The primary features of the Act are to establish regulations regarding medical records, secure private health information, and institute standards for protecting covered entities from identity theft and fraud. The Act is also important for privacy protection in the medical environment.

This Act was introduced by former President George W. Bush. He wanted to ensure that private health insurance was available to everyone. With the implementation of HIPAA, all individuals residing in the United States are now covered by certain health information technology systems unless they choose to opt out of the system. HIPAA ensures that the private health information of every individual in the United States is protected.

One rule from HIPAA that has been in place for a while is the prohibition against forcing individuals to change their electronic protected health information. A covered entity cannot require an individual to change his or her password or any other security measure that may limit a person’s ability to access his or her own health information. Also, a covered entity may not utilize a device to track the location of a person without the knowledge and permission of that individual. HIPAA states that a covered entity may also only retain certain records for a specific time period. These records may be retained until the individual is no longer a covered entity and thus becomes a third party.

Another rule from HIPAA that has been in place since 1996 is the Privacy Rule. The Privacy Rule makes it illegal for a covered entity to use an individual’s non-de-identified protected health information for any purpose except for that purpose. In addition to penalties for violations, the Privacy Rule also makes it illegal for covered entities to disclose any of an individual’s protected health information to anyone other than the individual’s own physicians. HIPAA penalties may also be imposed on covered entities who fail to comply with the Privacy Rule.

Both the Privacy Rule and the Security Rule were implemented after the tragic attacks on September 11th, 2021. Although the September 11th terrorist attacks resulted in the deaths of thousands of Americans, the Security Rule goes one step further by making it illegal for any entity that was involved in the attacks to fail to follow security rules and regulations. Both the Privacy Rule and the Security Rule were intended to increase patient security by making it harder for unauthorized individuals to gain access to patients’ personal health information. Both rules have very significant consequences for health care providers who fail to meet their obligations under them.

According to the HIPAA Privacy Rule, covered entities must inform patients and consumers about their rights to privacy and their ability to exercise those rights. The Rule also requires covered entities to provide notice about how they protect patients’ privacy and to implement policies that help prevent unauthorized use of patients’ health records. Some of the penalties that may be imposed on a covered entity if it fails to comply with the HIPAA Rules include civil fines, reporting requirements, and potential administrative actions. In addition to these possible actions, the State Medicaid and Medicare agencies may also impose additional requirements on covered entities if they do not properly comply with the HIPAA Privacy Rule.

When implementing HIPAA regulations, businesses must consult with both the HIPAA Rules and the Security Rule. Business associates and suppliers understand that HIPAA complicates the operation of their business, but they must also know and understand the Security Rule. When consulting with their HIPAA compliance advisors, business associates and suppliers should ensure that the advisor understands both the HIPAA Rules and the Security Rule. Additionally, business associates and suppliers need to ensure that their HIPAA consultants are fully knowledgeable about the implementation specifications of the HIPAA Rules.

The HIPAA Rule also requires covered entities to inform patients and their personal health care providers about their privacy rights. The Rule requires covered entities to provide appropriate information to patients about their rights, the procedures for protecting those rights, and how those rights may be violated. In addition, the Rule requires covered entities to develop and implement privacy policies, which outline how they will monitor their computer databases to protect any information that a person accesses. The HIPAA Rule also requires covered entities to educate patients and their personal health care providers about their rights, responsibilities, and choices.