Your Health Information Security:
The Privacy and Security Rules of the 1996 Health Insurance Portability and Accountability Act (HIPAA) establish a federal requirement to protect your health information. The HIPAA Privacy Rule generally requires health care providers and health programs to protect your health information.
This requirement applies to paper and electronic records. The HIPAA Security Rule specifies in more detail the measures your health care provider and others must take to protect your electronic protected health information.
Is my health information protected by HIPAA?
Privacy protection applies to your “individually identifiable health information”, which means:
- Information about your past, present or future physical or mental health or condition; the provision of health care to you; or payment for your health care in the past, present or future.
- Information that identifies you, or that could reasonably be used to identify you.
- Information that your doctors, nurses, and other health care providers put in your medical record
- Conversations your doctor has with nurses and other people about your care or treatment
- Information about you in your health insurance company's computer system
- Information received about you at your clinic
- Information given to companies or individuals who provide data, billing, or other services to doctors, hospitals, health insurers, and other health care providers. This includes computer and data service providers, accountants and other professional services companies.
When such information is held by an individual or organization that must comply with HIPAA, it is referred to as “protected health information”.
The HIPAA Security Rule protects electronic protected health information.
Some organizations may have information about your health but do not have to follow HIPAA rules. For example, life insurance companies, employers and workers' compensation carriers do not need to comply with these rules. However, they must comply with the privacy protections in other laws.
This is also true of many institutions such as schools and school districts, child protective services, law enforcement agencies, and municipalities.
How is my health information protected by HIPAA?
Those who comply with HIPAA’s privacy and security rules must:
- Follow rules on who can view, receive and share your health information
- Reasonably limit use and sharing to the minimum necessary to achieve the intended purpose. However, when a provider shares information for treatment purposes, more than the minimum necessary may be disclosed.
- Have agreements with their service providers to ensure that they can only use and share your health information
- Develop procedures to limit who can access your health information, and implement training programs for their employees on how to protect your health information
- Develop administrative, technical and physical protection measures to protect your health information.
What are some of the technical protection measures that my provider uses to protect my health information when it is stored in an electronic health record?
The HIPAA Security Rule requires providers to assess the security of their electronic health record systems. The rule sets out technical safeguards for protecting electronic health records and for managing the risks identified in the assessment. Some of the steps that may be taken to reduce risk include:
- Access controls, such as a password or PIN, which restrict access to your information to authorized individuals such as your doctor or nurse
- Encryption of your information, which means that your health information cannot be read or understood except by someone who can “decrypt” it using a “key”
- Audit trails, which record access to your information, what changes were made and when, providing an additional layer of security
- Workstation security, which ensures that unauthorized personnel cannot use computer terminals that can access your health records
Your provider must develop risk management policies and procedures for assessing security risks and ensuring that known risks are addressed and prevented.
Learn more about the types of security measures in the HIPAA security rule.
What happens if there is a violation of my health information?
The HIPAA Violation Notification Rules require that most doctors, hospitals, other health care providers and health insurers inform you of “irregularities”, that is, if information about you has been seen by people who should not see it.
Federal law also requires health care providers and insurance companies to notify the Secretary of the US Department of Health and Human Services if there is a violation of unsecured protected health information, and to inform the media and the public if the violation affects more than 500 people.
Health information that has been encrypted so that people cannot read it is considered secure. The health care provider does not have to report whether an unauthorized person has attempted to access the encrypted information.
What about personal health records?
Some sites offer a place to store your health records online. These are often referred to as “personal health records”. Some personal health records are provided by health care providers and health programs and are covered by the HIPAA Privacy, Security and Violation Notification Rules.
Other personal health records (PHRs) are provided by independent companies. If these PHR companies are not covered by HIPAA, they must comply with the Federal Trade Commission Health Notification Rules and inform you if there is a violation of your information.