Understanding HIPAA

Today, most patients and physicians take for granted the need to protect medical information. When patients visit the provider they are asked to sign an acknowledgement that they understand how their information will be used. They may also be asked to indicate which family members will be authorized to have access to their medical data or their account information. All of these requirements have come about within the last twenty years and are connected to a much more extensive set of rules regarding protected information.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established uniform, national standards for the protection of patient’s health information. Prior to HIPAA, there was no consistent set of regulations applied with regularity across the healthcare industry.

The HIPAA Privacy Rule “establishes national standards to protect individuals’ medical records and other personal health information.” The HIPAA Security Rule applies to electronically transmitted medical information, such as that contained in electronic health records (EHRs). Additionally, the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted in 2009, to “promote the adoption and meaningful use of health information technology” while further protecting electronic health information.

Protected health information (PHI) includes any identifiable information that is included in a patient’s medical record. HIPAA protects the patient from the unauthorized release or use of this information. Electronic protected health information (ePHI) protects electronically transmitted data.

The Security Rule that protects ePHI applies to any system or any individual who has access to confidential patient data. Access is defined as having the means to read, write, modify, or communicate ePHI or personal identifiers that may reveal the identity of the patient.

EHRs must be particularly adept at protecting patient health records, to ensure the independent physician and all collaborating physicians remain HIPAA compliant. The cloud-based EHR provides the added advantage of safety and security, in addition to seamless delivery of patient information when and where it is needed and appropriate. Cloud-based servers utilize careful and tactical efforts (such as conducting risk analysis, encrypting data, etc.) in order to assure that a patient’s ePHI is kept safe and private.