HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) sets standards via the Privacy and Security Rules for the confidentiality, integrity, and availability of health information and sets forth patients’ rights concerning how their information is accessed and disclosed. The Breach Notification Rule requires physicians to notify patients, the federal government, and (for breaches involving 500 or more patients) the media of breaches of their protected health information.
Must I comply with HIPAA?
All physicians have an ethical obligation to maintain the privacy of patient information, and most states have enacted laws governing patient privacy. However, not every physician is a “covered entity” under HIPAA, because the law applies to physicians and other entities that conduct certain electronic transactions involving information exchange with health plans. If you do not contract with health plans, you may not be required to comply with HIPAA.
How does MIEC help with HIPAA compliance?
MIEC has a plethora of resources and tools available to members. Don’t know where to start? Check out our HIPAA Starter Kit!
Tools and Resources:
- HIPAA Privacy Rule overview and guidance
- HIPAA Starter Kit
- HIPAA Security Rule overview and guidance
- HIPAA Security Rule Risk analysis (PDF)
- DataGuard CyberSecurity Tools
- Breach Notification Rule overview and guidance
Expert guidance from one of our PSRM specialists
What should I do if I receive a complaint about a HIPAA violation in my practice or suspect that patient information has been accessed or disclosed inappropriately?
Practices should designate a Privacy Officer as the individual responsible for HIPAA compliance, including responding to patient complaints. If you receive a complaint via the Office for Civil Rights or need assistance investigating a potential breach of information, contact our Claims Department.