The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted on August 21, 1996. HIPAA provides rights and protections for participants and beneficiaries in group health plans.
Missing the Last Piece to Your Risk Management Solution?
Missing the Last Piece to Your Risk Management Solution?
Our custom Training Services will give you many benefits.
Our custom Training Services will give you many benefits.
The possibilities are endless with AccessPhly Loss Control.
The possibilities are endless with AccessPhly Loss Control.
Downloads
Download PIC Loss Control Intro Letter
Download PIC Loss Control Services Brochure
The whole idea behind the privacy rules is to have "the patient in the driver's seat" in relation to the release of her own private and sensitive health information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted on August 21, 1996. HIPAA provides rights and protections for participants and beneficiaries in group health plans. HIPAA includes protections for coverage under group health plans that limit exclusions for
pre-existing conditions; prohibits discrimination against employees and dependents based on their health status; and allows a special opportunity to enroll in a new plan to individuals in certain circumstances. HIPAA legislation has four primary objectives:

  • Assure health insurance portability by eliminating job-lock
    due to pre-existing medical conditions.
  • Reduce healthcare fraud and abuse. 
  • Enforce standards for health information. 
  • Guarantee security and privacy of health information.

Under the law, companies must take specific measures to guard the privacy of medical information. This includes providing a uniform level of protection for physical storage, maintenance, transmission and access to individual health information.

The whole idea behind the privacy rules is to have "the patient in the driver's seat" in relation to the release of her own private and sensitive health information.

How do I know if I must comply with HIPAA?

If you are a Covered Health Care Provider and you, your business, or agency furnish, bill or receive payment for health care in the normal course of business, conduct covered transactions and transmit any covered transaction in electronic form then you are required to comply with HIPAA.

If your Business or Agency is a Health Care Clearing House and the business or agency process, or facilitate the processing of, health information from nonstandard format or content into standard format or content or from standard format or content into nonstandard format or content and your business or agency perform this function for another legal entity then you are required to comply with HIPAA.

What are the penalties if I do not comply?

Civil Money Penalties. HHS may impose civil money penalties on a covered entity of $100 per failure to comply with a Privacy Rule requirement. That penalty may not exceed $25,000 per year for multiple violations of the identical Privacy Rule requirement in a calendar year.

 Criminal Penalties. A person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA faces a fine of $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to ten years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm. Criminal sanctions will be enforced by the Department of Justice.

How might I become liable under HIPAA?

You can damage an individual’s reputation if you use Protected Health Information (PHI) improperly. This information could be utilized in a discriminatory manner with an employer. Some examples where this could be a factor include mental health conditions such as depression, anxiety and suicidal tendencies. Drug abuse, alcoholism, cancer, HIV are also hot button areas. Improper disclosure of this information could lead to costly litigation.

Some additional causes of action that might be expected to surface are:

  • Not following the existing company policies and procedures covering the Privacy Rule. The company PHI policies should be provided to all clients/patients. The client/patient must have a clear understanding as to their right to request restrictions of its use and disclosure.
  • Deliberate revelation of PHI by an employee.
  • Insufficient policies and procedures.
  • Lack of providing proper supervision and training.
  • Premeditated infliction of emotional distress.

How can I get in compliance?

It is highly suggested that you contract one of a variety of HIPAA compliance companies offering software or documentation to assist them in meeting the guidelines and letter of the Act. Some of the companies offering these programs include:

Idea Star http://www.insurance-technologies.com

H.J. Ross http://www.hjrosscompany.com

For Medical Practitioners

HIPAA-MD http://www.hipaa-md.com/hipaa-md

Web Sites For Additional Information On The Act

www.hipaa.org, www.hhs.gov/ocr/HIPAA, http://www.hrsa.gov/website.htm

For more information on HIPAA (HIPAA Technical Bulletin) or any additional safety information, please log on to our loss control website and register at www.losscontrol.com.

IMPORTANT NOTICE - The information and suggestions presented by Philadelphia Indemnity Insurance Company in this E-Brochure is for your consideration in your loss prevention efforts. They are not intended to be complete or definitive in identifying all hazards associated with your business, preventing workplace accidents, or complying with any safety related, or other, laws or regulations. You are encouraged to alter them to fit the specific hazards of your business and to have your legal counsel review all of your plans and company policies.

LossControl.com