In this article I have added a brief summary of the HIPAA Law and a list of websites regarding the use and protection of sensitive patient data.
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
HIPAA regulates the use and disclosure of an individual’s health information and gives patients greater control over how that information is used.
What is considered “personally-identifiable health information”?
Health information is considered to be personally identifiable if it relates to a specifically identifiable individual; under 45 C.F.R. § 160.103, it generally includes the following, whether in electronic, paper, or oral format:
- Health care claims or health care encounter information, such as documentation of doctor’s visits and notes made by physicians and other provider staff;
- Health care payment and remittance advice;
- Coordination of health care benefits;
- Health care claim status;
- Enrollment and disenrollment in a health plan;
- Eligibility for a health plan;
- Health plan premium payments;
- Referral certifications and authorization;
- First report of injury;
- Health claims attachments;
- Health care electronic funds transfers (EFT) and remittance advice; and
- Other transactions that HHS may prescribe in future regulations.