For any business that handles health information of any kind, understanding HIPAA is essential. The consequences of falling afoul of HIPAA can be very severe, potentially even fatal for a business. Everyone is affected by HIPAA, not just businesses handling health data. If you have ever shared information about your health with anyone, then HIPAA is relevant to you.
What Is HIPAA?
HIPAA is an acronym for the Health Insurance Portability and Accountability Act. It is a piece of federal legislation in the US that governs how healthcare information is collected, stored, and shared. The act contains stipulations for how personal data can and should be used, as well as the measures that data custodians are required to take to ensure that personal information remains secure and confidential.
HIPAA was first passed in 1996. Obviously, a lot has changed since then and modern healthcare records are generally digitized. As a result, the legislation itself has also evolved over the years, incorporating new technologies and broadening the scope of the act accordingly.
What Is The Purpose Of HIPAA?
The primary purpose of HIPAA is hard to pin down, and most people agree that its focus has shifted somewhat over the years. However, a significant motivating factor behind the legislation was the need to ensure that the concept of patient-doctor confidentiality could still apply in the digital age. It also became necessary to protect personal health information as the number of businesses and services handling that information increased.
HIPAA does not stipulate how businesses should ensure their compliance with the act, leaving the door open for businesses to devise their own solutions.
Who Does HIPAA Apply To?
HIPAA applies to any business or individual that holds personal health information about any individual. Protected Health Information, the information covered by the act, consists of health information that is stored alongside personal identifiers that enable that health information to be tied to a specific individual. For this reason, many businesses that need to access sensitive information such as medical records will use a HIPAA-compliant service to retrieve the information, thereby removing the business’s liability for the data it fetches.
This means that anonymized health data is not covered by the act. Health information in isolation that cannot be traced back to a specific individual identity is not covered by HIPAA. For example, a healthcare professional is allowed to talk about the patients that they treat in as much detail as they like, provided that they don’t include any information that could be used to identify specific individuals.
Any business that handles healthcare data along with its customers’ personal data needs to pay close attention to its HIPAA compliance. Falling afoul of HIPAA can have serious repercussions for a business. In the best cases, it can lead to hefty fines and other sanctions. In the worst cases, a HIPAA violation could spell the end of a business entirely.
For any American citizen, it is comforting to know that HIPAA exists and affords our health information a degree of privacy.