What is HIPAA?
The HIPAA stands for The Health Insurance Portability and Accountability Act. This federal Act protects the privacy of patient information from third parties. Therefore, most healthcare providers such as healthcare insurance companies, hospitals, etc. can only disclose patient information in cases when the HIPAA allows the disclosure. Under the HIPAA, apart from disclosing the patient’s information for treatment purposes, only “the minimum necessary to accomplish the purpose of the disclosure” can be revealed.
Additionally, to further the goal of information security, as part of HIPAA, more incentives have been created for hospitals and insurance companies to transition to keeping electronic medical records under the HITECH Act.
What Is the Employer Allowed to Know Under the HIPAA?
Under the Act, an employer may, for example, ask for information that pertains to an employee’s doctor’s note for requested time off or information that would affect health insurance benefits. Anything else would require the written approval of the employee in order to be revealed.
What is the Privacy Rule Under the HIPAA?
The Privacy Rule under the HIPAA is a national standard that is applied throughout the nation to protect the confidential information of employees. The Rule gives every person the rights over his or her health care information, including the right to gain access to those records and make requests about changing the records.
What Is Covered Under HIPAA?
Generally, a person’s “health information” is covered under HIPAA. This information includes the entire history of a person’s conditions, treatments and expenses on healthcare. It also includes the person’s demographic information, Social Security number, address and name.
HIPAA does not cover, however, information available publicly.
How Do I File a Complaint Under the HIPAA?
HIPAA complaints are filed with the U.S. of Health and Human Services Office for Civil Rights. A complaint has to be filed on the OCR website or by mail or fax. It has to be filed within 180 days of the occurrence of the event that the complaint concerns. The 180 days window may be extended if “good cause” is shown.
HIPAA prohibits any kind of retaliation against the complainant, and, therefore, any retaliation should also be reported to the OCR.