HIPPA is a privacy law for keeping personal information and health records secure. Everyone deserves privacy when it comes to their personal well being. HIPPA was enacted through the state. This was enacted on August 21, 1996 and became public law 104-191; sections 261 through 264 of HIPPA required the Secretary of HHS to publicize standards for electronic exchange, privacy and security of health information. Legislation proposed a rule and released it for public comment on November 3, 1999, final regulation published December 28, 2000.
In March 2002, Department proposed and released for public modifications so final form on August 14, 2002. The privacy rule protects all individually identifiable health information held or transmitted by covered entity or its business associate in any form or media whether electronic, paper, or oral. There are two general principles for uses and disclosures: Basic- major purpose is to define and limit the circumstances in which an individual’s protected health information may be used or disclosed by covered entities.
A covered entity may not use or disclose protected health information except either: 1) as privacy rule permits or requires; 2) as individual who is the subject of the information (or individual’s personal representative) authorizes in writing. Required- a covered entity must disclose protected health information in only two situations; a) to individuals ( or their personal representatives) specifically when requested access to, or an accounting of disclosures of, their protected health information; and b) to HHS when it is undertaking a compliance investigation or review or enforcement action. There is training for workforce and management.
This would include employees, volunteers, trainees, and may also include other persons whose conduct is under the direct control of the entity (whether or not they are paid by the entity). Anyone who violates its privacy policies and procedures can be sanctioned appropriately. There are safeguards put in place and can be traced because everyone that has access has a code/password and it is monitored. Only staff that is accessible should be viewing files no one else and staff needs to abide by the rules as well. There are enforcements and penalties as well for giving out the information without authorization.
Penalty amounts which were before 2/18/2009 was $100 per violation and calendar year cap was $25,000. After 2/18/2009 violation penalties went up to $100 – $50,000 or more per violation and $1,500,000 calendar year. There are also criminal charges/penalties which consist of fines to up to imprisonment. When information of privacy gets out it doesn’t make the management look good, patience’s lose trust and the health care can suffer knowing things get out, privacy wasn’t protected. All covered entities except small health plans had to be compliant with the Privacy Rule by April 14, 2003, however had to April 14, 2004 to comply.