What Does HIPAA Protect?

The Health Insurance Portability and Accountability Act of 1996 is a set of standards that healthcare organizations must comply with, but what does HIPAA protect?

What Does HIPAA Protect?

HIPAA introduced rules that govern the uses and disclosures of health information (the HIPAA Privacy Rule) and physical, technical, and administrative safeguards that must be implemented to ensure the confidentiality, integrity, and availability of health information (the HIPAA Security Rule). Essentially, these two aspects of HIPAA protect the privacy of patients and health plan members.

HIPAA also helps protect patients from harm. In the event that health information is exposed, stolen, or impermissibly disclosed, patients and health plan members must be informed of the breach to allow them to take action to protect themselves from harm, such as identity theft and fraud.

What is Protected Under HIPAA Law?

The types of information protected under HIPAA include all health information created, used, maintained, or transmitted by a HIPAA-covered entity or a business associate of a HIPAA-covered entity for treatment purposes, payment for healthcare services, or healthcare operations.

Health information includes diagnoses, treatment information, test results, medications, health insurance ID numbers, and all other identifiers that allow a patient to be identified. HIPAA also covers contact information including telephone numbers, addresses, email addresses, dates of birth, and demographic information.

Any health data collected, stored, used, or transmitted by a HIPAA-covered entity that contains one of the 18 identifiers below must be safeguarded at all times, and the allowable uses and disclosures of such information are extremely limited. Generally speaking, uses and disclosures are restricted to healthcare operations, the provision of treatment, or payment for healthcare.

The exception is when a prior HIPAA authorization has been obtained from a patient, granting permission to provide that individual’s health information to a third party or to use the information for a reason not otherwise allowed by the HIPAA Privacy Rule, or when the health information has been stripped of all 18 of the identifiers listed below.

Personal Identifiers Under HIPAA

  1. Names (Full name or last name and first initial)
  2. Geographical identifiers
  3. Dates (other than year) directly related to an individual
  4. Phone Numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health insurance beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers
  13. Device identifiers and serial numbers
  14. Website URLs
  15. IP address numbers
  16. Biometric identifiers
  17. Full face photographic images and any comparable images
  18. Any other unique identifying number, characteristic, or code

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.
