This put up is a part of a sequence sponsored by AgentSync.
The Well being Insurance coverage Portability and Accountability Act of 1996 (HIPAA) could also be probably the most generally referenced medical health insurance legal guidelines, not simply by insurance coverage professionals, however within the on a regular basis lives of most People. Study a bit extra about what it’s, what it does (and doesn’t do), and the way it impacts the insurance coverage business.
Please learn our discover of privateness practices
Fast! Identify a healthcare regulation that everybody is aware of of, however nobody actually is aware of. Should you guessed HIPAA, congratulations, you win! For on a regular basis residents, HIPAA references pop up at every physician’s workplace go to and, extra not too long ago, if a enterprise dares to require proof of COVID-19 vaccine standing for entry or service. Extra on that later, however spoiler alert: A enterprise requiring proof of vaccination to enter, or present companies, doesn’t violate HIPAA.
You’d be arduous pressed to search out an American grownup who hasn’t heard of HIPAA, or who doesn’t understand it has one thing to do with medical privateness. However the collective data of this 500-page healthcare regulation ends there. And for most individuals, that’s OK. However for those who work in insurance coverage, you is perhaps one of many few who really wants to grasp HIPAA extra than simply superficially. Then once more, HIPAA is so particular to medical health insurance and well being info that it doesn’t apply universally throughout the insurance coverage world, both.
What’s HIPAA?
Actually, it’s the Well being Insurance coverage Portability and Accountability Act of 1996. This regulation, signed in 1996 by President Clinton, was the primary regulation to handle the privateness of well being and healthcare info. Even supposing digital medical information barely existed in 1996, HIPAA was forward-thinking and included references to digitization within the medical and medical health insurance discipline that wouldn’t come for years.
HIPAA gave U.S. residents the fitting to count on some extent of privateness surrounding that info, significantly in relation to medical health insurance. It additionally gave us the fitting to entry our personal well being info, even when that’s simpler mentioned than accomplished more often than not.
A big a part of the complete HIPAA regulation is what’s often called the HIPAA Privateness Rule. In line with the CDC’s web site, “The Privateness Rule requirements tackle the use and disclosure of people’ well being info (often called “protected well being info”) by entities topic to the Privateness Rule. These people and organizations are referred to as “coated entities.” The Privateness Rule additionally accommodates requirements for people’ rights to grasp and management how their well being info is used.”
In plain English:
- Your private well being info is taken into account personal, and thus “protected” by the regulation.
- Sure entities (physician’s workplaces, hospitals, and medical health insurance corporations, amongst others) are topic to the Privateness Rule.
- You even have the fitting to grasp and management how your protected well being info is used, together with who it’s shared with.
What does HIPAA do?
Merely put, HIPAA required the creation of nationwide requirements to guard delicate affected person well being info from being disclosed with out the affected person’s consent or data. The regulation gave accountability for enforcement to the Division of Well being and Human Companies (HHS)’s Workplace for Civil Rights.
HIPAA additionally laid out legitimate causes for when protected well being info utilized by any coated entity could also be shared or disclosed. The ultimate regulation was over 500 pages, so that is clearly, and essentially, a really abridged model of the regulation! Should you’re a much bigger insurance coverage nerd than we’re, you’re welcome to learn the total textual content of the regulation right here!
Additionally, if HIPAA is central or tangential to your work, have in mind it is a condensed overview, not authorized steering or due diligence. Should you want authorized recommendation, seek the advice of an lawyer.
What does HIPAA not do?
The quick reply is, “so much.” As you’ve realized by now, HIPAA applies to a really particular set of coated entities. A restaurant or bar isn’t a coated entity. An airline isn’t a coated entity. Thus, personal companies that ask patrons to reveal their COVID-19 vaccination standing with a view to enter or to be served aren’t topic to HIPAA and aren’t in violation of it.
As well as HIPAA additionally doesn’t cowl:
- “Protected well being info employment information {that a} coated entity maintains in its capability as an employer and training and sure different information topic to, or outlined in, the Household Instructional Rights and Privateness Act, 20 U.S.C. §1232g.”
- De-identified well being info, when medical info is totally separated from personally identifiable particulars in regards to the human it got here from. For instance, a big checklist of ages, heights, and physique weights wouldn’t be protected if there’s no identify, tackle, Social Safety quantity, or different figuring out info that may hyperlink the well being knowledge with a particular individual.
Who’s required to observe HIPAA?
HIPAA created normal definitions for sorts of companies and entities which might be topic to its privateness rule. These embody:
- Healthcare suppliers
- Well being plans (together with Medicare, Medicaid, long-term care, and others–with a couple of exceptions)
- Healthcare clearinghouses
- Enterprise associates (outlined as an individual or group aside from an worker of a coated entity who’s utilizing protected well being info to carry out companies for a coated entity)
That’s mainly it. So once more, your uncle isn’t topic to HIPAA at a household dinner. Your neighbor’s bar or restaurant can also be not topic to HIPAA. Your native grocery retailer, movie show, and place of employment (most certainly!) aren’t topic to HIPAA.
If, and provided that, you’re one of many above entities or a “enterprise affiliate” of 1, are you and your organization required to adjust to HIPAA.
Why is HIPAA vital?
Affected person privateness is one thing most of us would agree is a vital proper. Previous to 1996, nonetheless, this wasn’t essentially the case. It definitely wasn’t assured or legally enforced.
Why HIPAA is vital for the healthcare and medical health insurance business
Although 1996 is hardly what we consider as “the digital age” nowadays, HIPAA was really forward-thinking for its time. It launched some crucial ideas that may be key because the business moved from paper information to digital well being information.
HIPAA standardized how well being knowledge should be collected and guarded, and enforced a nationally acknowledged set of codes and identifiers. Very similar to the transfer to structured knowledge in different industries, HIPAA necessities assisted the healthcare business in shifting towards a digital future the place well being info is shared between sufferers, medical doctors, clinics, insurance coverage corporations, and different entities each day with an emphasis on privateness.
Why HIPAA is vital for sufferers
For sufferers, HIPAA is especially important. All of the extra in order medical information have moved into the digital age, making them topic to info safety breaches. Previous to the enactment of HIPAA, it’s seemingly that “coated entities” weren’t typically deliberately exposing private affected person info in unscrupulous methods, however there was no assure (nor had been there government-enforced penalties).
HIPAA was the primary regulation of its type to create guidelines surrounding the storage and sharing of private well being info. It mandated a strict normal of knowledge safety controls for any organizations coping with such info. Plus, with legal guidelines in place, there are precise penalties for noncompliance.
HIPAA additionally empowered sufferers to take extra management over their healthcare by permitting them to entry their information for the aim of being extra knowledgeable about diagnoses and coverings, looking for further medical enter from totally different suppliers, and even checking their information for errors. Earlier than HIPAA, healthcare organizations and medical health insurance corporations weren’t required to adjust to any affected person’s request to entry their very own medical information.
How does HIPAA influence the insurance coverage business?
For a lot of property and casualty insurance coverage carriers, brokers, brokers, and different insurance coverage companies, it actually doesn’t. For the overwhelming majority of the insurance coverage business – those that don’t take care of life, well being, accident, incapacity, or associated merchandise – HIPAA doesn’t apply.
For these producers who’re dually licensed, for insurance coverage carriers that deal in well being and life, and for any insurance coverage professionals who come into contact with protected well being info in the midst of doing enterprise, HIPAA is a priority and a regulation that requires compliance.
HIPAA may influence employers who sponsor medical health insurance protection for his or her workers. This implies it’s one thing worker profit brokers have to additionally take note of and alert their purchasers about.
Within the quarter century since HIPAA was first signed into regulation, it’s turn into a reasonably family identify (as healthcare legal guidelines go!) however that doesn’t imply it’s easy or straightforward to grasp. Should you’re within the medical health insurance enterprise, HIPAA is only one of many insurance coverage business laws you need to take note of and you’ll want to adjust to. And it is best to get skilled counsel in doing so.
Whereas AgentSync can’t enable you there, we are able to undoubtedly preserve compliance on monitor on your non-HIPAA wants, akin to producer onboarding and lifecycle administration. See AgentSync in motion at the moment.
