The Health Information Portability and Accountability Act (HIPAA) came into law in 1996 with the goal of providing safeguards for protected health information (PHI). This act was created to ensure patient privacy.
There are two rules.
- Privacy Rule addresses disclosure of PHI
- Security Rule addresses electronic disclosures
What is the Navy’s HIPAA Privacy Rule?
This rule applies to the disclosure of protected health information (PHI). PHI is an individual's identifiable health information, which can include demographics.
HIPAA allows the use of PHI for treatment, payment, and health care operations without written authorization from the patient.
Anything outside of this realm will require permission.
The HIPAA Privacy Rule began in 2003, while the act itself was created in 1996.
If you'd like to learn more about the Privacy Rule, check out DODINST 6025.18 series, DOD Health Information Privacy Regulation.
What are some required uses and disclosures of PHI?
By law, treatment facilities may disclose health information to the patient unless a medical authority has determined that doing so would be harmful. Treatment facilities are obligated to disclose health information to the Secretary of the Department of Health and Human Services (HHS) for investigations to determine compliance with the law.
- Treatment – Treatment facilities use and disclose protected health information to provide, coordinate, and manage the patient's health care with a third party. Treatment facilities may disclose PHI to other military or TRICARE contractors who are also providing care and consultations to the patient. This includes pharmacists, who may be given information on other drugs the patient has previously been prescribed so that they can identify any potential interactions.
- Payment – PHI will be used to obtain payment for health care services. One example would be obtaining approval for a hospital stay, which might require PHI to be disclosed to get the approval for hospital admission.
- Healthcare Operations – PHI is used for healthcare activities. These can include quality assessment activities, investigations, and staff performance reviews for training.
What is the Navy’s HIPAA Security Rule?
The HIPAA Security Rule protects PHI in electronic form. Compliance was mandated in 2005. The safeguards of the Security Rule are divided into 3 categories:
If you want to learn more about the security instructions, look at DOD 8580.02-R series, DOD Health Information Security Regulation.
What’s the difference between the Security Rule and the Privacy Rule?
By now you should understand that both the Security and Privacy Rules are linked in an effort to protect the privacy of health information.
The Privacy Rule sets the standard for how protected health information (PHI) should be controlled by determining which uses and disclosures are authorized.
The Security Rule defines the safeguards to protect that PHI. The Security Rule has greater limitations than the Privacy Rule because it mainly applies to the electronic form.