An Introduction to the Health Insurance Portability and Accountability Act
A Post-Digital Awakening
Twenty-four years ago, civilization was on the brink of a socio-digital revolution. Apple was ushering in its golden era, Amazon was making its first strides in e-commerce, and the world’s first meme creators were only learning about desktop computers and MS Paint. The healthcare industry, on the other hand, had reason to grow wary. The digitalization of healthcare meant that PHI (Personal Health Information) would soon be hosted on electronic servers instead of in thick binders, and the privacy concerns this raised quickly reached the government. The result was the passing of the Health Insurance Portability and Accountability Act, or HIPAA, by Congress in 1996. HIPAA compliance became a mandate for healthcare organizations across the country, creating a standard set of rules and regulations to ensure patient privacy and organizational compliance.
The Five Titles
The main objective of HIPAA was to regulate how healthcare organizations maintained Personally Identifiable Information (PII) to protect it from fraud and theft. The act consists of five titles, each addressing a specific concern in the post-digital healthcare world:
Title I: Health Care Access, Portability, and Renewability
Title I regulates health insurance coverage provided by insurance companies and employers to ensure that a new employee’s medical insurance coverage is continuous, regardless of pre-existing conditions.
Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform
This title lays the groundwork for HIPAA compliance by defining new requirements for the privacy and security of individually identifiable patient information.
Title III: Tax-Related Health Provisions Governing Medical Savings Accounts
Title III relates to pre-tax MSAs (Medical Savings Accounts). It standardizes the amount that may be saved per account. Introduced in 1997, MSAs provide coverage to employees under an employer-sponsored high-deductible plan.
Title IV: Application and Enforcement of Group Health Insurance Requirements
Title IV regulates group health insurance plans and their coverage of people with pre-existing conditions.
Title V: Revenue Offset Governing Tax Deductions for Employers
Title V regulates employers’ ability to deduct company-owned life insurance premiums for income tax purposes.
Title II and Healthcare Privacy
The HIPAA law is intended to improve the efficiency and effectiveness of American healthcare. Of all the titles, Title II is the most significant to organizations that are considered ‘covered entities’ under the law. Covered entities include health plans, health information systems, and healthcare providers, as well as the independent business associates of these entities. The title’s policies ensure the privacy and security of identifiable health information by levying civil money penalties on all violations. Some of Title II’s salient rules are:
Privacy Rule: The HIPAA Privacy Rule consists of regulations for the use and disclosure of PHI in treatment, payment, and operations by covered entities.
Omnibus Rule: This is an umbrella term for a set of cyber regulations on the custody of PHI data and data breaches in healthcare organizations and their business associates.
HITECH Act: Part 1 of the Health Information Technology for Economic and Clinical Health Act requires covered entities to report data breaches that affect 500 or more persons to the United States Department of Health and Human Services (US HHS), the media, and the people affected.
Security Rule: The Security Rule complements the Privacy Rule by outlining physical, administrative, and technical safeguards on electronic PHI.
Title II is also referred to as ‘HIPPA’ (as opposed to ‘HIPAA’), an abbreviation of ‘Health Insurance Privacy and Portability Act’.
The Need For HIPAA Compliance
Today, companies that deal with PHI are required to have physical, network, and process security measures to ensure that they are HIPAA compliant. HIPAA is beneficial to patients as well as covered entities, encouraging the latter to adopt new technologies that improve the quality and efficiency of patient care.
As a result of these concerns and benefits, Neomeda takes the privacy and security of patient medical data very seriously. Neomeda leverages its technology to ensure that it is a HIPAA-compliant company. The information exchanged in our apps is protected by multi-layer security, and in-app transactions are conducted via HIPAA-compliant vendors. All our personnel, including our business and management team members and affiliated medical professionals, are trained and certified to be HIPAA compliant.