What Are the 5 Main Regulations of HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) includes five major components. Each set of regulations plays an important part in establishing HIPAA’s goal of guaranteeing electronic protected health information (PHI) security. They cover various factors, from PHI disclosure to safety procedures and violations. So, what are the five main regulations of HIPAA?

1. Privacy Rule and Omnibus Update

HIPAA’s privacy rule oversees PHI disclosures, protection, and authorizations. It sets limits and conditions for covered entities—health plans, health care clearinghouses, and health care providers—affecting their permission to share a patient’s PHI in certain scenarios. It also allows patients to inspect, obtain a copy, and request corrections on their PHI. In 2013, the Omnibus rule came into play, updating certain privacy rule conditions such as natural disaster waivers and length of PHI protection after death.

2. Security Rules and Safeguards

The security rule works in tandem with the privacy rule, but it only pertains to electronic PHI and digital security and handling. It consists of three major safeguards: administrative, physical, and technical. Administrative protection establishes the proper protocols for handling electronic PHI as a covered entity. Physical safeguards include desktop security, such as workstation monitor placements and computer or equipment access. Lastly, technical protection protocols cover electronic communications, especially over open internet networks.

3. Transactions and Code Sets

HIPAA’s transactions and code sets standard provides rules for electronic PHI exchanges. It covers various electronic transactions, including electronic data interchange (EDI) and computer-to-computer exchanges with zero human involvement. Specific code sets differentiate HIPAA’s transaction regulations and include:

  • International classification of diseases (ICD-9-CM)
  • Current procedural terminology (CPT-4)
  • Code on dental procedures and nomenclature (CDT-2)
  • National drug codes (NDC)

4. Unique Identifiers Rule

Covered entities are assigned identity codes: sets of unique digits that represent specific entities in online systems. Unique identifiers allow covered healthcare providers and other entities to identify organizations that also adhere to standard HIPAA transactions. The unique identifiers rule establishes different types of entity identifiers for varying transactions. The three major forms of identity include:

  • National provider identifier (NPI)
  • National health plan identifier (NHI)
  • Centers for Medicare and Medicaid Services (CMS)

5. Enforcement Rule

Violation protocols act as a means to establish enforcement of standards. They administer consequences for regulation breaches, encouraging entities to comply with set protocols. HIPAA’s enforcement rule establishes penalties for violating HIPAA standards. It also lists possible violations and procedures for handling and revoking punishments.

These five main regulations of HIPAA factor into various aspects of proper PHI handling and security. They establish standards for disclosures, electronic data practices, transactions, and more. To further broaden your knowledge of HIPAA and all it entails, check out Gamma Compliance’s online HIPAA training course. It goes into depth about the five rules and more, ensuring your healthcare practice remains HIPAA compliant.