Health Insurance Portability and Accountability Act, or HIPAA, pronounced "hip-pah", was signed into law by Bill Clinton in 1996. This law applies to the United States, but other nations may have similar laws that serve the same functions. There are multiple Titles (Parts) to HIPAA, but in the hospital setting the most important is Title II, which sets guidelines for the privacy and security of Patient Health Information. All healthcare providers must follow HIPAA guidelines. State laws sometimes conflict with HIPAA guidelines. If this is the case, whichever law gives the patient's privacy more protection overrides the other.
HIPAA Privacy Rule: In order for Patient Health Information to be released, the patient must give written permission. There are rules that don't require patient permission such as:
- if the disclosure is to the patient or the patient's authorized representative
- if the patient brings an acquaintance to the discussion between patient and healthcare provider
- to entities involved in the patient's treatment, payment or health care operations
- for research or public health
Most hospitals provide a Patient's Bill of Rights which includes some of the important points of HIPAA guidelines. Incidents may occur when a healthcare provider breaks HIPAA guidelines. As long as the health care provider acts in good faith, not for marketing or personal gain, and keeps the information disclosed to a minimum, it should be safe. Healthcare facilities may employ safeguards to protect Patient Health Information. These include:
- A Privacy Officer - implements privacy policy and deals with complaints
- Mandatory training of HIPAA guidelines to healthcare staff
- Business Associate Agreement (lawyers, pharmacists, billing companies etc.) which requires associates to promise to protect Patient Health Information
- Tracking Measures to see who accessed what information
- Violation Rules to punish those that break HIPAA guidelines and to protect those that report HIPAA violations
HIPAA Security Rule: These rules protect Patient Health Information physically and electronically, which often means the security and transmission of data. These safeguards include:
- A Security Officer - can also be the Privacy Officer, implements security policy to safeguard Patient Health Information.
- Sanction Policy to punish those who fail to comply with HIPAA guidelines
- Activity Review to see if healthcare providers are accessing the appropriate Patient Health Information
- Employee Security to limit access to hospital records so that only appropriate hospital employees can access specific patient files. This includes passwords and software security
- Business Associate Agreement (lawyers, pharmacists, billing companies etc.) which requires associates to promise to protect Patient Health Information
- Contingency Plan to protect databases in times of emergency
- Security Incident Procedures to protect from security breaches via online attacks, Trojans, malware and/or viruses
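The Tracking Measures and Activity Review safeguards above both come down to the same thing in practice: keeping a log of who opened which patient's record and periodically reviewing it for access that has no treatment, payment or operations reason behind it. The script below is an added example written for this post, not code from any hospital system or from the original article. The log format, the user roles, the care assignments and the per-role action list are all constructed assumptions for illustration; a real facility would pull the same information from its electronic health record system's audit trail and staffing schedule.

```python
# Added example (not from the original post): a minimal audit-log review
# of the kind the "Tracking Measures" and "Activity Review" safeguards call for.
# The log format, user roles, and care assignments below are constructed
# assumptions for illustration, not any real system's format.
import csv
from io import StringIO

# Constructed sample access log: timestamp, user, role, patient id, action
SAMPLE_LOG = """\
timestamp,user,role,patient_id,action
2024-03-01T08:02:11,nurse_ann,nurse,P1001,view_chart
2024-03-01T08:05:40,nurse_ann,nurse,P1002,view_chart
2024-03-01T08:09:03,dr_lee,physician,P1001,view_labs
2024-03-01T08:15:22,billing_kim,billing,P1001,view_billing
2024-03-01T08:16:05,billing_kim,billing,P1001,view_labs
2024-03-01T09:30:14,nurse_ann,nurse,P2045,view_chart
"""

# Constructed care assignments: which patients each clinician is treating today
ASSIGNMENTS = {
    "nurse_ann": {"P1001", "P1002"},
    "dr_lee": {"P1001"},
}

# Constructed minimum-necessary policy: which actions each role may perform
ROLE_ACTIONS = {
    "nurse": {"view_chart", "view_labs"},
    "physician": {"view_chart", "view_labs", "view_billing"},
    "billing": {"view_billing"},
}


def parse_log(text):
    """Parse the CSV audit log into a list of dict records."""
    return list(csv.DictReader(StringIO(text)))


def review_access(records, assignments, role_actions):
    """Return a list of (record, reason) pairs that the Privacy or Security
    Officer should look at. Two checks are applied, in this order per record:
    1. beyond role: the action is not permitted for the user's role
       (the Privacy Rule's "keep it to a minimum" principle);
    2. no treatment relationship: a clinical user opened the record of a
       patient who is not on their assignment list."""
    findings = []
    for rec in records:
        role = rec["role"]
        if rec["action"] not in role_actions.get(role, set()):
            findings.append((rec, "action not permitted for role"))
        # Billing staff are judged by the role policy only, not by care assignment
        if role in ("nurse", "physician"):
            if rec["patient_id"] not in assignments.get(rec["user"], set()):
                findings.append((rec, "no treatment relationship"))
    return findings


def access_counts(records):
    """Count distinct patients opened per user. An unusually high count
    for one shift suggests browsing rather than care and merits a closer look."""
    per_user = {}
    for rec in records:
        per_user.setdefault(rec["user"], set()).add(rec["patient_id"])
    return {user: len(patients) for user, patients in per_user.items()}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for rec, reason in review_access(recs, ASSIGNMENTS, ROLE_ACTIONS):
        print(f"{rec['timestamp']} {rec['user']} -> {rec['patient_id']} "
              f"{rec['action']}: {reason}")
    print(access_counts(recs))
```

Run against the constructed log, the review flags two events: the billing clerk opening lab results (outside what that role needs) and the nurse opening a chart for a patient not on her assignment list. Neither is automatically a violation; the point of Activity Review is that a person with the authority to ask "why?" sees them, which is also what makes the Sanction Policy enforceable.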