The HIPAA Basics

Apr 11, 2016 at 12:15 pm by Staff


The HIPAA Privacy Rule establishes a set of national standards for the use and disclosure of individually identifiable health information - often referred to as protected health information - by covered entities, as well as standards for providing individuals with privacy rights and helping individuals understand and control how their health information is used.

HIPAA Privacy Rule requirements:

Several central tenets of the Privacy Rule are:

Patients' Rights and The Medical Practice's Responsibilities

Under HIPAA, patients have legal, individual rights to access their health information and learn about disclosures of their health information. As their healthcare provider, you are responsible for respecting these rights.

As a covered entity, you have responsibilities to patients under the HIPAA Privacy Rule, including:

The HIPAA Security Rule

The HIPAA Security Rule establishes national standards to protect individuals' electronic protected health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. The HIPAA Security Rule requires providers to implement security measures, which help protect patients' privacy by creating the conditions for patient health information to be available, but not be improperly used or disclosed. These requirements apply only to e-PHI.

All healthcare providers considered "Covered Entities" under HIPAA (most are) are responsible for complying with the two related rules of HIPAA: Privacy and Security. The HIPAA Security Rule sets out specific protections that all covered providers must follow to protect health information. These practices include administrative, technical, and physical safeguards. These safeguards, when applied well, can help practices avoid some of the common security gaps that lead to cyber-attacks or data loss. They can protect the people, information, technology, and facilities that healthcare providers depend on to carry out their primary mission: helping their patients.

The HIPAA Security Rule requires three kinds of safeguards: administrative, physical, and technical.

Michelle Bilsky is a medical malpractice insurance specialist with Danna-Gracey. She can be reached at Michelle@dannagracey.com.
