HIPAA – Forgotten But Not Gone

With so much emphasis being placed on Affordable Care Act (ACA) compliance these days, some folks have gradually (and frighteningly) forgotten about the ACA’s “older brother” – the Health Insurance Portability and Accountability Act (HIPAA).  Several ACA provisions supersede or expand upon HIPAA provisions that went into effect on and after January 1, 1997 (e.g., preexisting condition limitations, guaranteed issue/renewability, certificates of creditable coverage, etc.).  However, the ACA did virtually nothing to change the privacy and security aspects of HIPAA, which are not only still in effect, but carry stiff fines and penalties for non-compliance.

HIPAA created a new acronym – PHI – which stands for protected health information.  And among the many requirements created by HIPAA, perhaps none are more important than those addressing the request, disclosure and use of PHI by “covered entities” and “business associates”.  HIPAA privacy rules also create rights for individuals to access, review, and amend their PHI.  Readers are likely familiar with the seemingly constant flow of HIPAA disclosure notices.  I want to provide a considerable amount of caution in this week’s post, relative to HIPAA and PHI:

To access the complete article, click – https://smstevensandassociates.com/ResourceLibrary/tabid/192/Default.aspx