paint-brush
Breaking Down The HIPAA Regulations and It's Role In Telehealthby@daltonic

Breaking Down The HIPAA Regulations and It's Role In Telehealth

by Darlington Gospel July 23rd, 2021
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act. It is federal legislation that requires the establishment of national standards to prevent information from being revealed on sensitive patient health without the agreement or knowledge of the patient. The Security Rule establishes national requirements for personal e-health data safeguards created, received, used, or retained by a covered organization. The Enforcement Rule includes laws on the compliance and probe of violation of the HIPAA Administrative Simplification Rules, the application of civil monetary fines, and hearing processes.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Breaking Down The HIPAA Regulations and It's Role In Telehealth
Darlington Gospel  HackerNoon profile picture

Introduction

In a data-driven world where data theft and data breaches are on the rise, the need for data protection laws is extremely welcomed. For example, what does a patient do in regards to his or her health information if it is compromised? How can people guard their health information against the myriad of companies needing their data? Are there laws in place to prosecute entities that leaks or share your health information without your consent? Follow this tutorial and all these answers will be addressed.


What is HIPAA?

HIPAA

Firstly, I will tell you what HIPAA is not. HIPAA is not HIPPO! HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act. It is a Federal law designated to protect your health information from unauthorized disclosures.


HIPAA is federal legislation that requires the establishment of national standards to prevent information from being revealed on sensitive patient health without the agreement or knowledge of the patient.


A Brief History of HIPAA

Image from securityintelligence.com

The history of the HIPAA began on 21 August 1996 when the HIPAA Act was signed, but why did it be introduced? HIPAA was established to "enhance health insurance coverage mobility and accountability" for staff across workplaces. The Act also aimed to prevent waste, fraud, and abuse in health and health insurance. The Act also included provisions for promoting the use of health saving bonds through the introduction of tax incentives, the covering of existing medical problems for employees, and the simplification of health insurance management.


The processes for streamlining the administration of health insurance have become a vehicle for promoting the health sector to computerize medical records of patients. That section of the Act led in 2009 to the establishment of the "Managing Use Incentives Program," which leaders in the health sector called "the main piece of health legislation in the previous 20 to 30,' in the Health Information Technology Act on Economic and Clinical Health (HITECH).


HIPAA Regulations

Pixabay: Photo by Geralt

There are about four regulatory acts provided in HIPAA to protect health data and they are as follows.


The Privacy Rule The HIPAA Privacy Rule sets national standards for the protection of medical records and other personal health information and includes health plans, clearinghouses, and healthcare providers conducting certain digital healthcare transactions.


The Security Rule The HIPAA security rule establishes national requirements for personal e-health data safeguards created, received, used, or retained by a covered organization.


The Enforcement Rule The HIPAA Enforcement Rule includes laws on the compliance and probe of violation of the HIPAA Administrative Simplification Rules, the application of civil monetary fines, and hearing processes.


The Breach Notification Rule The HIPAA Breach Notification Rule requires the categorized entities to report an infringement of an unsecured PHI to the impacted person; HHS; and, in some circumstances, the media. An infringement is generally an unacceptable use or disclosure under the Data Protection Rule which jeopardizes the privacy or safety of PHI.


Definition of HIPAA Terms

Image by Robin Higgins from Pixabay

You must be saying, "What are all these acronyms and abbreviations all about?". Don't worry, we got you covered. Below is the definition of terms you must understand when discussing HIPAA.


HIPAA - Health Insurance Portability and Accountability Act. HHS - Human Health Services, a U.S department for protecting the health of all Americans and providing essential human services. PHI - Protected/Personal Health Information. BAA - This means a business associate agreement. It is a contract between a HIPAA-covered entity and a vendor used by that covered entity. Covered Entities - This is any person, business, or organization that needs to comply with HIPAA.

Use and Disclosure of PHI In HIPAA


When Does the HIPAA Privacy Rule Require Use and Disclosure of PHI? A covered entity is only required to disclose protected health information in two circumstances, according to the HIPAA Privacy Rule:

  • To people (or their personal representatives) who seek access to, or an accounting of, their protected health information; and
  • To the Department of Health and Human Services (HHS) when it conducts a compliance inquiry, review, or enforcement action.

HIPAA & Telehealth

Telehealth Care

Some reasons why you should be concerned about your telehealthcare, but what is telehealth in the first place?

Wikipedia defines telehealth as the distribution of health-related services and information via electronic information and telecommunication technologies. It allows long-distance patient and clinician contact, care, advice, reminders, education, intervention, monitoring, and remote admissions.


Does HIPAA apply to you and your telehealth practice? HIPAA applies to you if you are a health care provider who provides personal medical information. If you do, you are a protected organization (covered entity).


Is the information you are transmitting considered PHI?

All that can be used to identify someone is potentially PHI. There are 18 types of identifiers considered PHI. Examples related to telehealth care include name, telephone numbers, anniversaries, IP address, email addresses, device identifiers, and pictures.


Do I have business associates?

A Business Associate is an individual who creates, receives, maintains, or transmits PHI on your behalf; or who has the ability to communicate with PHI in your practice.

HIPAA Compliance

HIPAA Compliance

Physical, administrative, and technical precautions are used to ensure HIPAA compliance. HIPAA compliance cannot be achieved solely through technology. Here are some things you and your business associates should perform and document.


Risk Assessment Undergo a comprehensive examination of where you store or access PHI and how secure each location is. Take the necessary actions to secure it in a manner that is appropriate for your company. Make a list of your security policies and processes, and record them. Train your personnel on a regular and consistent basis.


Information Systems Activity Review Perform and document regular checks of access logs or other records for unauthorized activity. If you find any, it may be terrible news, but you want to be the one to find it first. Report the breach and deploy a patch as soon as possible. Consult with a professional about your next steps.


Conclusion

To conclude, we have learned quite a lot of things about the health insurance portability and accountability act (HIPAA) today. We have seen how this law protects users against data theft and breaches and how to address issues arising from patients' data infringements. We have seen how integral HIPAA is to the health industry, especially as regards the growing hybridization of information technology and healthcare/medicine.




About Author

Gospel Darlington is a remote full-stack web developer, prolific in Frontend and API development. He takes a huge interest in the development of high-grade and responsive web applications. He is currently exploring new techniques for improving progressive web applications (PWA). Gospel Darlington currently works as a freelancer and spends his free time coaching young people on how to become successful in life. His hobbies include inventing new recipes, book writing, songwriting, and singing. You can reach me on LinkedIn, Twitter, Facebook, or GitHub.


Key resources to learn more about HIPAA