HIPAA privacy compliance protects private health information of US citizens through policies summarized in the Privacy Rule. Entities subject to the rule include healthcare providers, health plans, and clearinghouses. Violations can result in fines up to $11,000 USD per violation. Compliance is monitored by the HHS Office of Civil Rights.
In the United States, HIPAA privacy compliance refers to a set of policies enacted in 1996 that protect and secure the private health information of US citizens. These policies are summarized in the Standards of the Individually Identifiable Health Information Privacy Act, otherwise known as the Privacy Rule. Under HIPAA, the entities that must adhere to these private health information standards include health care providers, health plans, and health care clearinghouses. Compliance is voluntary for medical facilities and other businesses that may handle private health information, such as adoption agencies, welfare programs, and health insurance companies.
HIPAA privacy compliance standards protect all “individually identifiable health information.” This is any private information that could be used to identify someone, such as a person’s name, address, and social security number. It includes demographic details as well as information relating to the health and medical history of a specific individual.
Entities subject to privacy rule guidelines include health plans, health care providers, and health clearinghouses. Essentially, entities subject to the Privacy Rule are prohibited from using or sharing an individual’s private health information unless it is for a purpose deemed permitted by HIPAA. The release of information also requires the patient’s permission.
Not all activities related to the medical sector fall within the guidelines of the Privacy Rule. The US Department of Health and Human Services (HHS) has a specific set of criteria to identify which companies must adhere to HIPAA privacy compliance rules. Healthcare providers, for example, only fall under HIPAA privacy compliance if they transmit electronic information in a manner that meets HIPAA standards. Healthcare providers include individual professionals, such as doctors, dentists, and psychologists, as well as businesses such as clinics, pharmacies, and nursing homes.
Health plan entities that must follow HIPAA privacy compliance rules include corporate health plans, health insurance companies, and HMOs. Government programs such as Medicare and Medicaid are also included in this group. Health care clearinghouses required to comply include any entity that processes non-standard health information received from third parties, such as billing service companies and community health information systems.
If companies are found to be in violation of HIPAA privacy compliance policies, they can be fined a civil penalty of up to $11,000 US Dollars (USD) for each violation. Compliance is monitored by the HHS Office of Civil Rights (OCR). OCR has the power to conduct reviews to ensure compliance and to investigate privacy violation complaints. Under HIPAA, individual states still retain the ability to impose stricter privacy standards on healthcare entities.