With the increasing adoption of advanced technology in healthcare, the many benefits of efficiency, mobility, access, diagnosis, and analysis come with evolving security risks to an individual’s private healthcare information. Recognizing this early—as well as the need for a national standard—Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996.
After its passing, the Department of Health and Human Services created the first HIPAA Privacy and Security Rule, which went into effect in 2003. One aim of the law is to set national standards to protect individual privacy by regulating how protected health information (“PHI,” defined as “any information held by a covered entity which concerns health status, the provision of healthcare, or payment for healthcare that can be linked to an individual transaction”) can be disclosed by the specific entities to which the Privacy Rule applies. These “covered entities,” according to Health and Human Services, include “any health care provider who transmits health information in electronic form in connection with transactions.”
Here’s what’s important for you to know about HIPAA:
- HIPAA applies only to healthcare organizations; the entities that are not restricted by this regulation include most private businesses, law enforcement agencies, and most schools.
- The Privacy Rule places control of disclosure of personal health information in the hands of the individual. This means you can decide to disclose health information or not. HIPAA protects you by giving you the right to choose disclosure to an entity or individual; however, choosing not to provide information may mean forgoing access to some locations in favor of maintaining privacy.
- Covered entities (companies or organizations and any businesses associated with them that create, hold, or transact data involving an individual’s PHI) are required to have security measures in place to ensure proper physical, network, policy, and process security.
- In response to the pandemic, the challenges to data privacy protection have again evolved; for example, telehealth visits over the Internet bring an associated need for proper physical and technical protections.
We have designed ALICEhelps with privacy and data security in mind from our first line of software code. Subscriber data is encrypted both on our servers and when people in a private community view and use it. In addition, community members can be assigned different roles, so subscribers can share different amounts of information with different people.