HIPAA Privacy Rule Takes Effect April 14, 2003 - Be Informed
If you are a company who sponsors an employee health care plan, be prepared for the Privacy Rules of The Health Insurance Portability and Accountability Act (HIPAA). The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was the single most significant piece of federal legislation affecting the health care industry, since the inception of the Medicare and Medicaid programs. Enacted August 21, 1996, to combat waste, fraud and abuse, improve portability of health insurance coverage, and simplify administration of healthcare. The provisions of HIPAA are broad and far reaching.
If you are an employer sponsoring a self-insured health plan (medical, dental, vision, Section 125 plan or employee assistance program) you will be affected by the Privacy Rules of HIPPA.
The Privacy Rule gives consumers five rights:
- The right to review and copy their health information
- The right to request an amendment of their health information
- The right to have a reporting of disclosures of their health information
- The right to request a disclosure restriction of their health information
- The right to request alternative methods of communication of their health information
This rule also indicates three definite administrative responsibilities in regards to the five consumer rights:
- Safeguards (includes security, physical access, etc.)
- Use and Disclosure of information (includes minimum necessary, routine disclosures, etc.)
- Administrative Requirements (includes training, record retention, documentation, Notice of Privacy Practices, Privacy Office, etc.)
The rule also imposes fines and imprisonment for individuals or companies that do not comply.
The Impact . . . . What This Rule Means To You!
As providers of health related services you are responsible for understanding the application of this rule to your business and informing your consumers/employees of their rights and performing responsibilities provided under the HIPAA Privacy Rule.
Who is affected?
All healthcare organizations. This includes all health care providers, health plans, employers, public health authorities, life insurers, clearinghouses, billing agencies, information systems vendors, service organizations, and universities.
April 14, 2003 – by this date, all staff/employee training should have been conducted, and all policies, procedures and practices are in place.
For more detailed information, you may visit the United States Department of Human and Health Services at http://www.hhs.gov/ocr/hipaa/whatsnew.html