Group Insurance Health Care and the HIPAA Privacy Rule

HIPAA stands for Health Insurance Portability and Accountability Act. When I hear people talking about HIPAA, they are usually not talking about the original Act. They are talking about the Privacy Rule that was issued as a result of the HIPAA in the form of a Notice of Health Information Practices.

The United States Department of Health & Human Services official Summary of the HIPAA Privacy Rule is 25 pages long, and that is just a summary of the key elements. So as you can imagine, it covers a lot of ground. What I would like to offer you here is a summary of the basics of the Privacy Rule.

When it was enacted in 1996, the Privacy Rule established guidelines for the protection of individuals’s health information. The guidelines are written such that they make sure that an individual’s health records are protected while at the same time allowing needed information to be released in the course of providing health care and protecting the public’s health and well being. In other words, not just anyone can see a person’s health records. But, if you want someone such as a health provider to see your records, you can sign a release giving them access to your records.

So just what is your health information and where does it come from? Your health information is held or transmitted by health plans, health care clearinghouses, and health care providers. These are called covered entities in the wording of the rule.

These guidelines also apply to what are called business associates of any health plans, health care clearinghouses, and health care providers. Business associates are those entities that offer legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services.

So, what does a typical Privacy Notice include?

  • The type of information collected by your health plan.
  • A description of what your health record/information includes.
  • A summary of your health information rights.
  • The responsibilities of the group health plan.

Let’s look at these one at a time:

Information Collected by Your Health Plan:

The group healthcare plan collects the following types of information in order to provide benefits:

Information that you provide to the plan to enroll in the plan, including personal information such as your address, telephone number, date of birth, and Social Security number.

Plan contributions and account balance information.

The fact that you are or have been enrolled in the plans.

Health-related information received from any of your physicians or other healthcare providers.

Information regarding your health status, including diagnosis and claims payment information.

Changes in plan enrollment (e.g., adding a participant or dropping a participant, adding or dropping a benefit.)

Payment of plan benefits.

Claims adjudication.

Case or medical management.

Other information about you that is necessary for us to provide you with health benefits.

Understanding Your Health Record/Information:

Each time you visit a hospital, physician, or other healthcare provider, a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment.

This information, often referred to as your health or medical record, serves as a:

Basis for planning your care and treatment.

Means of communication among the many health professionals who contribute to your care.

Legal document describing the care you received.

Means by which you or a third-party payer can verify that services billed were actually provided.

Tool in educating health professionals.

Source of data for medical research.

Source of information for public health officials charged with improving the health of the nation.

Source of data for facility planning and marketing.