Understanding The Health Insurance Portability and Accountability Act (HIPAA)
When seeking addiction treatment, a major concern of many patients is the privacy and security of their health information. There are several federal laws that regulate the use and disclosure of health information as well as security safeguards to protect said information. The primary law that protects this information is known as HIPAA.
In 1996, Congress passed the Health Insurance Portability and Accountability Act, better known as HIPAA. This federal law created a set of national standards that are meant to protect patients’ private health information from being discussed or disclosed without their written consent.
There are two primary parts to HIPAA: the Privacy Rule and the Security Rule. Both have detailed requirements outlining the privacy and security of all patients’ health information.
What Does HIPAA Do?
HIPAA is the law that makes sure patients’ health information remains private and confidential. It accomplishes four main goals:
- Reduces health care abuse and fraud
- Requires providers to handle protected health information (PHI) in a confidential manner
- Mandates standards for the entire healthcare industry on electronic billing and other processes
- Gives American workers and their families the ability to transfer or change their insurance coverage when changing jobs
People and organizations that must follow HIPAA guidelines and regulations are referred to as “covered entities.” Virtually anyone who handles patient medical information is considered a covered entity. Covered entities that are subject to HIPAA include:
- Healthcare providers – All healthcare providers, regardless of practice, size, or location are subject to HIPAA in connection with claims, benefit eligibility inquiries, referrals, authorizations, and all other transactions.
- Health plans – All health insurance providers including health, dental, vision, and medication insurers are subject to HIPAA. This also includes Medicare and Medicaid.
- Business associates – People and organizations in connection with a patient’s workforce and their activities, such as claims processing, data analysis, and billing, are subject to the HIPAA.
- Healthcare clearinghouses – These entities are in charge of processing nonstandard information that is received from other entities.
What is the HIPAA Privacy Rule?
The HIPAA Privacy Rule was issued by the US Department of Health and Human Services to establish a set of requirements behind HIPAA. It exists to address the use and disclosure of patients’ protected health information (PHI) by the covered entities. In doing so, the Privacy Rule ensures that patients’ health information is protected and kept confidential while still providing and promoting quality health care in the best interest of the patient.
The Privacy Rule applies to and protects all identifiable health information, including, but not limited to the patient’s address, birthday, name, medical history, address, and more.
What is the HIPAA Security Rule?
The HIPAA Security Rule exists to protect information that is covered by the Privacy Rule. While the Privacy Rule refers to health information contained in any medium (written, spoken, etc.) the Security Rule pertains to electronic protected health information (ePHI). As such, the mandates in the Security Rule do not pertain to oral or written information.
The HIPAA Security Rule requires that all covered entities:
- Fully ensure the integrity, confidentiality, and availability of all electronic protected health information
- Protect against impermissible uses or disclosures of health information
- Are able to detect and protect against anticipated threats to security
- Certify HIPAA compliance by their workforce and employees
In order to support the protection of patients’ PHI, the Security Rule requires all covered entities to utilize appropriate and reasonable technical, administrative, and physical safeguards necessary.
Patient Rights Under the Health Insurance Portability and Accountability Act (HIPAA)
Most patients feel as though it is their right to have their health information private and protected. Fortunately, HIPAA gives all patients many rights to the use and disclosure of their PHI. HIPAA gives patients the following rights:
- Patients can request a copy of their medical records and other health information. These copies must be given to the patient within 30 days.
- Patients can request to change any incorrect information or add information that is missing to their file. These updates should be made within 60 days.
- If there is certain information a patient does not want to share, patients can request that information is kept private.
- Patients can ask to be reached somewhere else rather than their home.
- Patients must be made aware of how their health information is used and it must not be used without their consent.
- Healthcare providers cannot share a person’s PHI with another entity without the patient’s written consent.
The only exceptions during which a provider can disclose a person’s PHI include:
- When required by law or when pertaining to public health
- If a person is the victim of abuse, neglect, or domestic violence
- When law enforcement, judicial proceedings, or administrative oversight requires
- Identification of a deceased individual
- When doing so will prevent or lessen a serious threat to the patient’s health or safety
- Workers compensation
- Organ or tissue donation
Unless ordered by a judge or in the event that a patient is at risk of harming themselves, their PHI cannot be disclosed without their consent. As a result, patients who enter into an addiction treatment program should expect that their rights and privacy are upheld throughout and after their treatment.
Your Privacy is Important to Us
Here at New Jersey Intervention, we understand the importance of keeping our patient’s PHI protected and confidential. We operate in accordance with HIPAA, federal, and state guidelines when treating patients for substance abuse. Your information will only be used in unique circumstances listed under the HIPAA exceptions.
When you call New Jersey Addiction Intervention for help, your call is free, confidential, and secure. We can help refer you to other HIPAA compliant providers in New Jersey so you can find the help you need. Contact us today for a risk-free consultation.