The HIPAA Privacy Rule was first passed into law during 2002, aiming to safeguard the confidentiality of patients and their healthcare information. In addition to this it was also focused on allowing the flow of patient healthcare information when it is needed.
Also referred to as the “Standards for Privacy of Individually Identifiable Health Information”, the HIPAA Privacy Rule defines who can have access to Protected Health Information (PHI), the times it can be used, and who it can be shared with.
The HIPAA Privacy Rule not only applies to healthcare groups. It applies to any group that may encounter personal information in relation to a patient that – if it were given to a malevolent third party – could pose a danger to the patient’s finances or reputation. Due to this “covered entities” include health insurers, healthcare clearing houses, employer-sponsored health plans and third party medical service supplier to covered entities – generally referred to as “Business Associates”.
What Information is Secured under the HIPAA Privacy Rule?
The “Individually Identifiable Health Information” made safe by the HIPAA Privacy Rule is thorough. In addition to this, as PHI is often accessed by insurance providers and clearinghouses for billing data, individually identifiable health information not only includes items including names, addresses, date of birth and Social Security numbers, but also included are credit card information, vehicle registration plate numbers and even electronically-stored copies of a patient’s handwriting.
The HIPAA Privacy Rule not only applies to data that is in written format. Videos and images that have any individually identifiable health information are also provided with security under the HIPAA Privacy Rule. This means that if a healthcare provider has captured a photograph of a patient’s wound – and the identity of the patient can be determined by any distinguishing feature – the image is also safeguard under the HIPAA Privacy Rule and the guidelines for use and disclosure.