The Health Insurance Portability and Accountability Act of 1996 is a set of standards that healthcare organizations must comply with, but what does HIPAA protect?
What Does HIPAA Protect?
HIPAA introduced rules that govern the uses and disclosures of health information (the HIPAA Privacy Rule) and physical, technical, and administrative safeguards that must be implemented to ensure the confidentiality, integrity, and availability of health information (the HIPAA Security Rule). Essentially, these two aspects of HIPAA protect the privacy of patients and health plan members.
HIPAA also helps protect patients from harm. In the event that health information is exposed, stolen, or impermissibly disclosed, patients and health plan members must be informed of the breach to allow them to take action to protect themselves from harm, such as identity theft and fraud.
What is Protected Under HIPAA Law?
The types of information protected under HIPAA include all health information created, used, maintained, or transmitted by a HIPAA-covered entity or a business associate of a HIPAA-covered entity for treatment purposes, payment for healthcare services, or healthcare operations.
Health information includes diagnoses, treatment information, test results, medications, health insurance ID numbers, and all other identifiers that allow a patient to be identified. HIPAA also covers contact information including telephone numbers, addresses, email addresses, dates of birth, and demographic information.
Any health data collected, stored, used, or transmitted by a HIPAA-covered entity that contains one of the 18 identifiers below must be safeguarded at all times, and the allowable uses and disclosures of such information are extremely limited. Generally speaking, uses and disclosures are restricted to healthcare operations, the provision of treatment, or payment for healthcare.
Exceptions apply when a prior HIPAA authorization has been obtained from a patient, granting permission to provide that individual’s health information to a third party or to use the information for a reason not otherwise allowed by the HIPAA Privacy Rule, or when the health information has been stripped of all 18 of the identifiers listed below.
Personal Identifiers Under HIPAA
- Names (Full name or last name and first initial)
- Geographical identifiers
- Dates (other than year) directly related to an individual
- Phone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health insurance beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers
- Device identifiers and serial numbers
- Website URLs
- IP address numbers
- Biometric identifiers
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code