Medical Management Associates ("MMA")
I'm really confused over HIPAA and have several questions. What is the difference between the proposed "Security Standards" versus the proposed "Privacy Standards" of HIPAA? Who must comply with these standards and what information is protected?
HIPAA's Security Standards deal with measures organizations need to take to keep their information safe. The Standards for Privacy of Individually Identifiable Health Information deals with what patients may expect from organizations in terms of the way their health information is used.
Any health care provider, health care clearinghouse or health care plan who electronically maintains or transmits health information pertaining to an individual must comply with the HIPAA regulations. These "covered entities" are required to have contracts with their business partners, including auditors, consultants, claims clearinghouses and other contractors.
Only "protected information" must meet HIPAA requirements. Protected information is defined as individually identifiable health information that has been maintained or transmitted in electronic form. Electronic maintenance includes information stored on magnetic tape, disk or CD and electronic transmission via any means - Internet, extranet, leased or dial-up lines and private lines. Voice mail and fax-to-fax systems are excluded.
The following situations or activities are exceptions to the rule in which individually identifiable health information may be disclosed without patient authorization:
- Public health activities
- Health oversight activities
- Judicial proceedings
- Law enforcement
- Banking and payment processes
- Disclosure to coroners or medical examiners
Karen Beard (bio...)
MMA does not provide
legal, accounting, or tax advice. If you need assistance in these
areas, we recommend that you consult a qualified professional. In
addition, please note that a client relationship with MMA is not established
by the submission of a question to this forum or by the publishing of MMA's