Monday, May 26, 2014

Ruminating on HIPAA compliance

I was a bit confused on the intricacies of what entities are covered under HIPAA. The following article helped me clear a few cobwebs and also helped me appreciate the fact that it's impossible to protect all healthcare information all the time.

http://www.worldprivacyforum.org/2013/09/hipaaguide9-2/

The crux of the HIPAA regulation is that your information is protected only when it is held by a 'covered entity'. HIPAA defines 3 types of covered entities: Payer, Provider and Clearing House.

Posting interesting snippets from the site:

Health information that is protected when held by a covered entity. It may have no privacy protections when the information is held by someone who is not a covered entity. In other words, health privacy protections depend on who has the information and not on the nature of the information.

It is important to understand that HIPAA does not automatically cover all health care providers. A free health clinic may not be subject to HIPAA because it doesn’t bill anyone. A doctor who charges every patient $25 cash and does not submit a bill to any insurance company may not be covered by HIPAA. A first aid room at your workplace may or may not be covered by HIPAA.

Most school health records are not subject to HIPAA. Instead, school records (private schools are a major exception) are usually covered by another federal privacy law, the Family Educational Rights and Privacy Act (FERPA). 

The list of unregulated health record keepers is shockingly long. These include gyms, medical and fitness apps and devices not offered by covered entities, health websites not offered by covered entities, Internet search engines, life and casualty insurers, Medical Information Bureau, employers (but this one is complicated), worker’s compensation insurers, banks, credit bureaus, credit card companies, many health researchers, National Institutes of Health, cosmetic medicine services, transit companies, hunting and fishing license agencies, occupational health clinics, fitness clubs, home testing laboratories, massage therapists, nutritional counselors, alternative medicine practitioners, disease advocacy groups, marketers of non-prescription health products and foods, and some urgent care facilities.