HIPAA: Health Insurance Portability and Accountability Act
HIPAA compliance protects the privacy of patient information and covers the
electronic and physical security of patient health information (PHI).
The Security Rule applies to the following covered entities:
- Covered Healthcare Providers: Any provider of medical services who
transmits any health information in electronic form.
- Health Plans: Any individual or group plan that pays the cost of medical
care (e.g., a health insurance issuer and the Medicare programs).
- Healthcare Clearinghouses: A public or private entity that processes
another entity's healthcare transactions from a standard format to a
nonstandard format, or vice versa.
- Medicare Prescription Drug Card Sponsors: A nongovernmental entity that
offers an endorsed discount drug program under the Medicare Modernization
What Information Must Be Protected
- All information related to a patient's past, present or future
physical and/or mental health or condition.
- Information in any form: written, spoken, or electronic.
- Information that includes at least one of the following personal
identifiers in association with health information:
- Name, Postal address, all elements of dates except year, Telephone number,
- Fax number, Email address, URL address, IP address, Social security number,
- Account numbers, License numbers, Medical record number, Health plan
- Device identifiers and their serial numbers, Vehicle identifiers and serial
- Biometric identifiers (finger and voice prints), Full face photos and other
comparable images, any other unique identifying number, code, or
PHI can be disclosed to:
The NOPP (Notice of Privacy Practices) allows PHI to be used and disclosed for
purposes of TPO: Treatment (T), Payment (P), and Operations (O).
What can be done to guarantee compliance?
The diagram below shows a simple flow that can help one achieve compliance easily. If we follow all the safeguards mentioned below, we can easily achieve
HIPAA compliance.