Schedule a Free IT Assessment

Get Hip to HIPAA!

Is your business HIPAA compliant?

Even if you’ve never worked in the healthcare industry, you’ve probably heard of HIPAA. An appointment to get your teeth cleaned comes complete with a slew of forms that include your rights according to HIPAA.

But can you explain what HIPAA is and why that form is necessary? We often sign and date and move on, knowing it relates vaguely to what our care provider can do with our private health information.

HIPAA includes a lot more than you may realize, and if you work with Protected Health Information (PHI), especially electronic Protected Health Information (ePHI), understanding HIPAA is crucial. This article is the first in a series discussing what HIPAA is, understanding the Privacy and Security Rules, and analyzing HIPAA compliance standards.

What Does HIPAA Stand for?

If you’re not exceptionally familiar with this acronym, you may think it stands for the Health Information Privacy and Accountability Act. That seems reasonable given how the everyday person is exposed to it. In fact, it stands for the Health Insurance Portability and Accountability Act.

That doesn’t sound so familiar, does it? HIPAA was enacted in 1996 not with the intent to protect people’s privacy, but instead to regulate and simplify the health insurance industry. According to the official HIPAA language, the objective of this government regulation is:

To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.

Essentially, Congress wanted to make health insurance cheaper and simpler by reducing administrative costs and creating a standard method that everyone related to the health insurance industry could adopt. So where does all this privacy and security regulation come into play? The requirement “to simplify the administration of health insurance” triggered everything.

In the Administrative Simplification section of HIPAA, the Act requires that the rights of individuals relating to the use and disclosure of their health information be clearly explained and that standards are set for the electronic exchange of health information. These two subsections, privacy and safeguards, would later be addressed in what is now referred to as the Privacy Rule and the Security Rule.

What is The Privacy Rule?

The Privacy Rule went into effect in 2000 and has been amended several times. It lays out the standards and guidelines for how PHI in all forms—verbal, physical, or electronic—can be used and disclosed. The Privacy Rule is the reason you know the acronym HIPAA at all.

Thanks to the Privacy Rule, health care providers, insurance companies, and their business partners must follow the same rules regarding health information. Individuals have the same right to access and the same expectation of privacy from all entities according to the guidelines in the Privacy Rule. PHI can include:

  • identifiable personal information,
  • any medical or mental health condition diagnosed during the lifetime of the individual,
  • any treatment or procedure performed in the lifetime of the individual,
  • payment information relating to health care,
  • and any identifiable or medical information that the individual wants restricted.

The Privacy Rule is also the reason you must sign that form stating you understand your rights according to HIPAA. Being informed that you have the right to privacy is part of your legal rights. There are exceptions to these rules, such as life-threatening emergencies, court orders, and release of information authorizations, but all are directly addressed and specified within the rule.

Ultimately, the HIPAA Privacy Rule sets the standard for each patient’s right to privacy regarding their PHI. Thanks to the Privacy Rule, PHI is automatically considered confidential in almost all circumstances, and it also explains under what circumstances PHI may be shared.

What is The Security Rule?

The Security Rule is a little different. It first went into effect in 2003 and, unlike the Privacy Rule, relates only to ePHI. The Security Rule established the safeguard standards everyone dealing with ePHI must follow to be HIPAA compliant. Compliance means all ePHI is stored, processed, and transferred in a way that ensures patient privacy. While it doesn’t dictate specific implementation steps, since each company’s use and needs around ePHI is different, anyone dealing with ePHI must address each specification.

HIPAA began as a way to simplify health insurance procedures and make those handling health information more accountable to every citizen’s rights about their private health information, and its effects have been far-reaching. For anyone dealing with PHI, the requirements can appear daunting at first, but with a trusted IT partner, HIPAA compliance means any and all health information will be safe in your hands.

Look for our next HIPAA article, which will discuss the Security Rule in more detail. Until then, you can contact Anderson Technologies’ expert consultants for help navigating HIPAA compliance by calling 314.394.3001 or emailing info@andersontech.com.

Connect with Us
facebook icon
LinkedIn icon
vimeo icon
Anderson Technologies logo in white
youtube icon
Yelp icon
glassdoor icon

13523 Barrett Parkway Drive
Suite 120
St. Louis, MO 63021

+1 (314) 394-3001
info@andersontech.com

WBE

Ⓒ Anderson Technologies – All Rights Reserved. Privacy Policy.

In 2022, Hadley and her husband Corbitt decided to return to St. Louis to join the family business. As part of the second generation, Hadley brought fresh perspectives from her time at AT&T and was drawn to helping the company grow the right way by implementing scalable systems and processes, while maintaining the core value-centric culture.
 
As a Project Manager, Hadley facilitated technical projects and the development of interdepartmental playbooks while gaining a deep understanding of the inner workings of the business operations. Now, as the Project Management Lead, Hadley is known for her driven, process-oriented leadership and her dedication to finding solutions for every challenge no matter how daunting it may first seem.

Born in Yokohama, Japan, and raised in Malaysia and St. Louis, Corbitt developed a unique global perspective. He graduated from Randolph-Macon College with a degree in Political Science and Spanish where he was a member of the men’s basketball team.

Before joining Anderson Technologies, Corbitt built a successful career at AT&T which initially started in the B2B Sales Development Program – a highly-competitive sales training where he was stack-ranked against his 100+ peers based on quota attainment to determine where in the company one was placed. In Chicago, as part of the National Fiber Organization, he became a top-performing sales professional, selling AT&T’s fiber, networking, and cybersecurity services and learning the value of relationship building, perseverance, and grit. Later, as a Senior Sales Solutions Engineer at AT&T headquarters in Dallas, he refined his technical expertise, leadership skills, and consulting abilities.

Currently pursuing his MBA at Washington University in St. Louis, Corbitt blends strategic thinking, technical knowledge, and a client-first approach to help Anderson Technologies continue serving companies and organizations across the country.

Corbitt Grow Headshot