Roadmap: Patient’s Guide to HIPAA: Part 1: Learning About HIPAA (FAQ 8 of 65)
HIPAA introduces the term protected health information or PHI. The actual definition is a conglomeration of nested and complex terms with even longer exceptions. It is too messy to bother with here. Instead, we offer a rule of thumb that will work just fine most of the time.
Roadmap: Patient’s Guide to HIPAA: Part 1: Learning About HIPAA (FAQ 9 of 65)
HIPAA doesn’t apply to every health record keeper or to every health record. Only covered entities must comply with HIPAA. Get used to the term covered entity because it comes up a lot. HIPAA recognizes and regulates three types of covered entities.
Roadmap: Patient’s Guide to HIPAA: Part 1: Learning About HIPAA (FAQ 10 of 65)
If you read the HIPAA privacy rule – and stayed awake while doing it – the rule would appear to be a welter of detailed and uncoordinated provisions. It actually has a structure, but that structure is difficult to appreciate unless you know about Fair Information Practices, or unless you read the original preamble to the rule from 2000.
Roadmap: Patient’s Guide to HIPAA:Part 1: Learning About HIPAA (FAQ 11 of 65)
This is a tough question to answer. Health care providers generally care about patient privacy, but health care providers have only some control over the records of their patients. Our complicated health care treatment and payment system places patient health information in the hands of many different providers, insurers, agencies, and others. Before HIPAA, we believe that the health care system mostly paid lip service to privacy. How many hospitals offered you a notice or privacy practices before HIPAA? How many trained their staff in privacy? How many told you that you had a right to see and copy your own records? Before HIPAA, active privacy policies were a rarity in health care. By this measure, HIPAA made some definite improvements.
Roadmap: Patient’s Guide to HIPAA: Part 1: Learning About HIPAA (FAQ 12 of 65)
In this guide, we point out some shortcomings with the HIPAA rule. The rule doesn’t require covered entities to do everything that you might want. It may not protect privacy sufficiently or define your rights as expansively as you think it should.