The HIPAA Policy (Health Insurance Portability Accountability) Procedure describes the background and implications of the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
The Health Insurance Portability Accountability Procedure applies to the requirements outlined by the law and the Department of Health and Human Services (DHHS) regulations primarily regarding privacy and confidentiality. Requirements are far-reaching for healthcare transactions and administrative information systems. All healthcare organizations that maintain or transmit electronic health information, which is considered to be sensitive and protected, must comply. (8 pages, 2266 words)
These requirements involve health plans, healthcare clearinghouses, and healthcare providers, from large integrated delivery networks to individual physician offices. A tighter, special protection for psychotherapy notes exists. They also apply to life insurers, billing agencies, information systems vendors, service organizations, and universities.
All employees should use their best efforts to limit the non-consensual use and release of private health insurance and restrict the disclosure of health information to the minimum needed for the intended purpose. Access to health-related records by researchers and others should be restricted to authorized personnel only. Patients should have the right to access their medical records and to know who else has accessed them.
HIPAA Policy Responsibilities:
The Controller should oversee the implementation of all privacy controls, training, and compliance coordination.
The Human Resources Manager should be the Benefits and HIPAA Policy Coordinator and is responsible for being familiar with the HIPAA policy, ensuring that HIPAA rules and regulations are followed, and making sure that the company complies. According to the more than 1,000 pages of HIPAA regulations, the duties and responsibilities can be assigned to a person in an existing position and do not require having additional staff. The Benefits Coordinator should have the authority and responsibility to maintain records within the guidelines of HIPAA regarding privacy and confidentiality standards.
HIPAA Policy Definitions:
Health Insurance Portability and Accountability Act of 1996 (HIPAA) – Also known as the Kennedy-Kassebaum Act, HIPAA amends the Internal Revenue Code of 1986 to limit waste, fraud, and abuse in health insurance and health care delivery and to simplify the administration of health insurance. Included in the law is a separate section intended to reduce the administrative costs of health care.
Need to Know – A security term used to define access requirements for sensitive or confidential information. The term implies that only those individuals who have a valid purpose or requirement should be allowed access to the information.