Skip Ribbon Commands
Skip to main content
Navigate Up
Sign In

A - Z Index | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z| En Español

Health Insurance Portability and Accountability Act (HIPAA) : HIPAA Privacy and Security

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides provisions on the disclosure and use of an indivudal's health information.  The MHCC provides resources to assist the health care industry in complying with the HIPAA rules for privacy and security.  Users of this information are encouraged to implement the HIPAA privacy and security standards in a manner that is reasonable and consistent with their organizational structure.  HIPAA protects the confidentiality of a person’s identifiable health information via electronic media. This regulation:

  • Gives patients control over the use of their health information;
     
  • Defines the boundaries for the use and disclosure of health records by covered entities, which can include a health plan, healthcare clearinghouse, and a healthcare provider
     
  • Establishes standards that healthcare providers must comply with
     
  • Limits the use of personal health information (PHI) and minimizes the chances of inappropriate disclosure;
     
  • Makes provisions for investigating compliance-related issues and holds violators accountable with civil or criminal penalties for violating the privacy of an individual PHI; and
     
  • Supports the cause of disclosing PHI without individual consent for individual healthcare needs, public benefit, and national interests
     

    • Resources

    The MHCC has developed the following documents that provide guidance in understanding and implementing HIPAA

    • Key HITECH Changes to HIPAA 
      The Health Information Technology for Economic and Clinical Health Act (HITECH or Act) was passed by the federal government under the American Recovery and Reinvestment Act of 2009. HITECH represents a historic investment in health information technology to improve the quality of health care delivery and patient care. HITECH made changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), particularly with regards to strengthening the privacy and security of protected health information (PHI) and increasing the penalties for violations of HIPAA. This chart summarizes key modifications to HIPAA by HITECH, which began to take effect in 2010.
    • HIPAA - A Guide to Privacy Readiness, v.4
      This guide discusses how covered entities and Business Associates hold and disclose a person’s individually identifiable health information, whether electronically, on paper, or orally.  With the passage of the American Recovery and Reinvestment Act of 2009 (ARRA), the guide also addresses such areas as the reporting of a breach in security or the privacy of unsecured protected health information (PHI), the inclusion of business associate’s with the reporting of breaches, and the disclosure of a limited data set or “minimum necessary” PHI.
    • HIPAA - A Guide to Security Readiness
      This guide provides the leading best practices in implementing the security standards designed to protect the confidentiality, integrity, and availability of electronic protected health information that is created, received, maintained, or transmitted by a covered entity, which includes payers, providers, claims clearinghouses, and business associates 
    • State versus Federal Comparison:  HIPAA Privacy Statute & Regulation
      This document compares the similarities and differences in regulations addressing privacy of health care information between the Maryland Confidentiality Of Medical Records Act (MCRMA) and the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).
    • CMS HIPAA Security Guidance: Portable Devices and External Systems or Hardware  
      This document provides information on how a covered entity and Business Associate may protect electronic protected health information (EPHI) when accessed or used offsite, or outside the organization’s physical environment.  These guidelines on the remote access to or use of EPHI places emphasis on:  risk analysis and risk management strategies; policies and procedures for safeguarding EPHI; and security awareness and training on the policies and procedures for safeguarding EPHI.
    • ARRA and HIPAA Flyer
    • HIPAA Privacy Rule Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health (HITECH) Act  
      The flyer summarizes the changes with the passage of the HITECH Act to the HIPAA Privacy Rule that require covered entities, including Business Associates, provide to an individual an accounting regarding disclosure of one’s PHI that are likely to impact their personal and legal interests, and the right for an individual to receive a report that indicates who has accessed their electronic PHI.  
    •  National Provider Information (NPI) Timeline  
      This document discusses the requirements for health care providers who are considered a HIPAA covered entity to obtain and use standard unique identifiers or an NPI with the submission of HIPAA standard electronic transactions, which include electronic claims, eligibility, claim status, or remittance  
    • Links to HIPAA Sites

     

    Last Updated:  August 8, 2012