The most important federal law ever created for protection against medical identity theft is HIPAA, which stands for Health Insurance Portability & Accountability Act of 1996. HIPAA is commonly misunderstood to be an act specifically about health privacy, but it actually covers other topics apart from it. HIPAA is well known for triggering the Department of Health and Human Services to write the Health Privacy Rule which took effect on the 13th of April, 2003. The Act also requires the health care industry to comply with medical information security standards. The Centers for Medicare and Medicaid Services or CMS was tasked to be responsible for the HIPAA Security Standards.
In HIPAA, the term patient is replaced by the word "individual" since not everyone who has medical record is necessarily a patient, although they could mean the same thing since everyone can become a patient eventually. HIPAA also introduced the term PHI which stands for Protected Health Information. PHI is basically all the health information about an individual, more commonly known as health record or medical record. The Health Privacy Rule applies to all records in any medium - written, digital, electronic, whether on paper, computer disc, tree bark or scrap. HIPAA Security Rule however, applies only to protected electronic information from covered entities such as hospitals, and insurance companies.
To be more specific, the following are considered HIPAA covered entities:
Health Care Clearinghouses - These are organizations or offices tasked to reformat or transmit the information, typically, medical results and billing details, from hospitals or clinics to insurance companies. They do not have direct connection to the patients or to the insurance companies. They are merely transmitter of information.
Health Plans - These are the policies and health packages acquired by individuals.
Health Care Providers - The physicians, nurses, surgeons, laboratory technicians, pharmacists, therapists, and the hospital itself are all considered health care providers. Simply put, anyone licensed to provide medical help is considered a health care provider. It is important to note however, if the health provider does not bill for the services offered, say, pro-bono clinics, then this entity is not covered by HIPAA. Same goes for clinics who accept only cash payments. Since they do not deal with health insurance companies, then they are not subject to HIPAA.
There are also Hybrid Entities, like that Pharmacy inside a supermarket. Since they transmit electronic records of medical purchases, but also offer other non-medical products, then they are considered mixed or hybrid type.
The sad part is, the list of exempted from HIPAA are longer than the covered entities. Among them are school health records, gyms, health websites, Medical Information Bureau, private employers, cosmetic medicine service providers, alternative medicine practitioners, occupational health clinics, fitness clubs, massage therapy clinics, nutrition counselors, disease advocacy groups, and non-prescription products marketers. And the list continues as more and more companies and providers are limiting the charging of services to cash and credit transactions than claims to insurance policies.
Tina L. Douglas is a well established author on the topic of identity theft.
For more advice and information on identity theft service [http://10identitytheftservices.com/] and identity protection [http://8identityprotection.com/], just click on these links.
Article Source: http://EzineArticles.com/expert/Tina_L_Douglas/506723
No comments:
Post a Comment