News Feature | September 7, 2015

Simple Guide To HIPAA Released By HHS

By Megan Williams, contributing writer

Your clients look to you for guidance in navigating the huge amount of information available around Health IT regulations. If you send newsletters or bulletins, or maintain a news presence on your website or social media, the newest informational release from the Department of Health and Human Services (HHS) will be something you want to include.

This seven-page document covers the basics of privacy, security, and breach notification for covered entities as mandated under HIPAA regulations. It begins with an overview of the Act itself: “The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules were established to protect the privacy and security of health information and provide individuals with certain rights to their health information. Among other provisions, the Privacy Rule sets standards for when protected health information (PHI) may be used and disclosed, while the Security Rule requires safeguards to ensure only those who should have access to electronic protected health information (ePHI) will have access. The Breach Notification Rule requires HIPAA covered entities to notify the Department of Health & Human Services (HHS), affected individuals, and in some cases the media (and business associates to notify covered entities) of breaches of unsecured PHI.”

What

It clearly defines:

  • the Privacy Rule and the definition of PHI
  • the Security Rule and how policies and procedures around it should be developed and implemented
  • the Breach Notification Rule and timelines relating to individuals, HHS, and the media.

Who

It also provides a breakdown of who must comply with HIPAA rules, explaining the concepts of covered entities and business associates. A list of examples of each is available on page 4.

Enforcement

Perhaps of most use to your clients will be the enforcement section. It gives examples of both a settlement case and a criminal prosecution case, and links to additional information on the enforcement process available on HHS’ site.

Resources

Finally, additional resources are offered that include links to documents covering topics including:

HIPAA Simplification

HHS has been working since earlier this year to simplify HIPAA, including through an email that made additions to its HIPAA Administrative Simplification FAQs, some of which are detailed at Health IT Security.

The information in this document will only become more important as technology plays a deeper role in patient and provider lives and as it reaches into areas well beyond traditional clinical environments.