The HIPAA Security and the Risk Dilemma:

From HORSE - Holistic Operational Readiness Security Evaluation.

HIPAA Defined

The Health Insurance Portability and Accountability Act of 1996, known as HIPAA.

- Enacted in 1996.
- Intended to prevent fraud and abuse for all types of insurance.
- Reforms insurance by providing portability and continuity of health insurance.

Administrative Simplification

- Creates a framework for the standardization of electronic data interchange (EDI) in health care by facilitating uniformity of certain common health care transactions.

Does HIPAA replace existing laws?

- HIPAA privacy regulations do not simply replace existing federal and state laws that currently protect our consumers’ privacy, but will interact with these existing laws.

The Hoopla of HIPAA

HIPAA is a new law, but the practices of privacy that we have in place are not new. We have always had a practice of confidentiality and “limiting” the sharing of information to a need-to-know basis. HIPAA takes privacy to the next level.

Confidentiality

What is confidentiality?

- Something private
- Something secure
- Reliability and trust
- Private
- Something confided

What If?

- Your doctor started talking about your illness in the full waiting room?
- Your pharmacist called your job and left a detailed message about your medication?

What it boils down to

- Personal information that we get from individuals and their families is “owned” by those individuals. They “lend” their information to us in order to receive services and program support.

So that being the case, how do we respect our consumers in a HIPAA way?

- Keep information confidential
- Do not talk in public places about a consumer
- Only disclose the essential information required.
- Secure information
- Limit access to certain personnel

What Changes?

- HIPAA does not change the services that we offer to our consumers.
- HIPAA requires that we give our consumers or the person who legally represents them a privacy notice.
- HIPAA does require that we review all of our practices and be careful about what we say and to whom we say it.

Keep this in mind

Do not go to extremes. HIPAA will change the way we do things. It should be approached in a serious manner (this is important), yet it is not an extreme law; moderation is in order. Never, never think HIPAA will compromise the services that we offer to consumers.