The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects the use and disclosure of individually identifiable information or protected health information (PHI) created or received by certain entities. These entities transmit transactions (as defined by HIPAA) electronically and are known as "Covered Entities". Covered Entities include:
- Health plans;
- Health care clearing houses (billing company); and
- Health care providers
Indiana University (IU) is a covered entity that has chosen hybrid status. IU is a single legal entity with components that are covered and non-covered under HIPAA.
Key Concepts:
A Covered Entity must safeguard PHI during use and disclosure. These safeguards must include:
- Administrative
- Physical
- Technical
Patients have Rights to:
- Notice of Privacy Practices (How their information may be used)
- Inspect & copy PHI
- Give permission to allow certain uses and disclosures
- File a Complaint
