HIPAA and HITECH lay out strict standards governing information security and privacy of patient information. While HIPAA/HITECH may be a boon to the security of healthcare information, they also throw up a number of challenges like high costs, tracking regulatory changes, extensive documentation and several others.
HITECH is the Health Information Technology for Economic and Clinical Health Act, which brings additional compliance standards to healthcare organizations. It is directly related to HIPAA, and was part of the American Recovery and Reinvestment Act of 2009.
HIPAA is broadly divided into two sections or titles and now includes the new final rule. Title I protects the health insurance rights of workers who change or lose their jobs. It also limits the number of restrictions that health insurance companies can impose on individuals with pre-existing health conditions.
Title II is far more influential.
Also known as the Administrative Simplification provisions, it contains rules, standards, and guidelines to protect sensitive health information. These rules include the Transaction and Code Sets Rule which streamlines and secures transaction processes among healthcare institutions, and the Unique Identifiers Rule which mandates that all healthcare providers have a National Provider ID to file claims.
While these two rules are extremely important, a lot more attention is being paid to the Privacy and Security Rules, especially as the integrity of data becomes increasingly threatened. Both rules contain extensive provisions and guidelines surrounding the use, protection, and disposal of sensitive health information. With the introduction of the final rule, the focus is bound to shift to new areas of compliance, and new patient information privacy requirements.
The Privacy Rule
The Privacy Rule was instituted to protect all individually identifiable health information or PHI that is stored or transmitted. This information includes any part of an individual’s medical records, health status, or payment history.
The Privacy Rule provides standards and guidelines concerning the use and disclosure of individual PHI. For instance, it allows information to be disclosed while reporting child abuse or to facilitate a particular treatment. It also enables individuals to control how their health information is used.
According to the HHS, “A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected, while allowing the flow of health information needed to provide and promote high quality healthcare and to protect the public’s health and well-being.”