HIPAA Rules: Privacy (Clarke & Company Benefits, LLC)
The HIPAA Privacy Rule governs the use and disclosure of personally identifiable health information. Key provisions of the Privacy Rule are listed below.
The Privacy Rule governs protected health information, or PHI, which is individually identifiable health information in any form (oral, paper and electronic). To qualify as PHI, the information must be created or received by a covered entity and it must relate to:
- The past, present or future physical or mental health or condition of an individual;
- The provision of health care to an individual; or
- The past, present or future payment for the provision of health care to an individual. PHI does not include employment records held by an employer in its role as an employer (not a plan administrator).
The main organizations governed by HIPAA’s Privacy, Security and EDI Rules are known as covered entities, which include health plans, health care clearinghouses and health care providers that conduct certain financial and administrative transactions electronically. Self-administered, self-funded group health plans with fewer than 50 plan participants are exempt.
Health plan participants must be given detailed written information that explains their privacy rights and how their information will be used (a Notice of Privacy Practices). Participants have a right to access their own health records and request corrections. Participants also have the right to request restrictions on the use and disclosure of their PHI, to obtain documentation of certain disclosures made about their health care records, and to request that they receive their PHI at alternative locations or by alternative means.
To learn more about HIPAA EDI and become a certified EDI Professional please visit our course schedule page.