If you are sheltering at home for the foreseeable future, you may turn to telehealth and prescription delivery for your basic healthcare needs. All the providers and services you use should be HIPAA-compliant. But what does it mean to be HIPAA-compliant? If it’s your first time managing your healthcare through technology, you might need some definitions to get your started. Let’s take a look at the law and how it keeps patient information safe.
First, HIPAA stands for the “Healthcare Insurance Portability and Accountability Act.” This act was signed into law August 21, 1996 and was meant to do the following:
- Improve the handling of health insurance coverage for employees between jobs
- Combat waste, fraud, and abuse in health insurance and healthcare delivery
- Promote the use of medical savings accounts
- Provide coverage for employees with preexisting conditions
- Simplify the administration of health insurance
After HIPAA was signed into law, the Department of Health and Human Services developed the Privacy Rule and Security Rule. These rules – which are federal laws – define which pieces of health information are private, who can look at and receive that information, and how the information should be secured.
Before we move on, let’s break down a few more terms.
- Covered entities: These are the organizations that need to abide by HIPAA. This includes health insurance companies, healthcare providers (including pharmacists), and healthcare clearinghouses that process health data. Business associates of covered entities, like e-prescribing services, healthcare delivery companies, and electronic prior authorization software services must also abide by HIPAA.
- PHI: This stands for “Protected Health Information.” This is individually-identifiable health information that covered entities create, maintain, receive, or transmit between themselves and other entities. Any PHI data must be carefully handled to avoid disclosure.
- Breach: The Department of Health and Human Services defines a breach as “an impermissible use or disclosure…that compromises the security or privacy of the protected health information.” Essentially, if unencrypted protected health information is lost, stolen, or accidentally revealed, it’s a breach.
What Counts as PHI
“Protected health information” is a vague phrase. The simplest definition is this:
Health Information + Individual Identifier = PHI
“Health information” could be test results, prescription information, diagnoses, medical histories, insurance details, or any other information used to identify a patient or provide healthcare services or healthcare coverage.
You can find a list of the eighteen “individual identifiers” here. The list includes items like your name, phone number, Social Security number, fingerprint, and even your zip code.
Covered entities need to carefully handle any and all PHI. HIPAA has specific requirements for how PHI is stored, shared, and destroyed. For example, PHI cannot be transmitted through regular email; it must be encrypted. PHI on printed material cannot be disposed of in regular trash or recycling; it must be placed in a secure shredder.
ScriptDrop Values Your Privacy
ScriptDrop is 100 percent invested in patient privacy. We have an entire Security & Compliance team dedicated to keeping your information safe and secure even beyond what HIPAA requires. The members of our security team are experts in healthcare IT and have a flawless track record.
Your PHI data is in good hands with ScriptDrop. Remember that it’s always acceptable to ask healthcare providers, insurers, and other entities how they comply with HIPAA regulations.
To learn more about your rights as a patient under HIPAA, read more on the Health & Human Services website.