The introduction to HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets the guidelines for how a person’s protected health information is treated and safeguarded. Specifically, it spells out the rules for the acquisition, modification, sharing, disclosure, transmission and protection of customer data by the spectrum of organizations engaged in providing healthcare and insurance services. Termed “covered entities”, these participants are required to abide by the law of non-disclosure of customers’ health data and to facilitate its secure safekeeping and transmission. According to the law, the covered entity, which could be a health provider, pharmacy, insurance company, rehabilitation institution or other related party, is fully accountable for the integrity of the information entrusted to it. The following requirements apply under the HIPAA legislation:
Privacy and confidentiality
Protected health information should not be disclosed to unauthorized parties without consent of the bearer. This includes non-disclosure to employers, third-party individuals or organizations not directly involved in providing medical, insurance services, etc. to the owner of the data.
Availability
The law stipulates that a copy of the relevant information be provided to the bearer upon his/her request. The bearer has the right to edit and update the associated health records, in collaboration with the covered entity where necessary. The covered entity is also responsible for the long-term storage and archival of the person’s health data.
Protection
The law imposes rigorous restrictions on how the information is acquired, stored and transmitted. Regarding electronic data management, which is prevalent today, it states that the covered entity must implement modern authentication and encryption mechanisms to prevent inappropriate viewing or eavesdropping.