LEC'S SCRIPT
HIPAA
Before the implementation of HIPAA, there were no generally accepted requirements or set of
standards to protect the health information of the public. In other words, before HIPAA was
implemented, there were no standards protecting our health information. Even though
healthcare professionals were not misusing it, there was of course no assurance that the
privacy of a person's health information was secured and not being spread around. If that
did happen, there was also no prescribed punishment.
According to Saba and McCormick (2021), HIPAA, or the Health Insurance Portability and
Accountability Act of 1996, is a federal law that required the US Department of Health and
Human Services (HHS) to create regulations protecting the security and privacy of the patient's
electronic health information. So HIPAA was established for the sake of protecting an
individual's health information and so that this is carried out efficiently and effectively.
It is there so that the patient's privacy is respected and so that who has access to that
information is regulated or controlled, as well as with whom it may be shared. There is also
a penalty for violations, such as a fine that can reach up to $50,000 and imprisonment of
up to 1 year.
In order to meet the requirements of HIPAA, the Department of Health and Human Services (HHS)
created 2 rules, the Privacy Rule and the Security Rule, which apply to health plans, healthcare
clearinghouses, and healthcare providers that transmit electronic health information. So these
rules apply to all healthcare providers that transmit health information.
The main goal or purpose of HIPAA is to allow access to health information in order to
promote and provide high-quality health care while maintaining security and privacy. It
ensures that health information can be used for your betterment while maintaining its
confidentiality.
Let us now move on to the Privacy Rule. I have included some terms that may be unfamiliar
and that we will encounter in the descriptions of the rules:
PHI - According to the US Department of HHS (2019), PHI is any part of an individual's
medical record or payment history. It stands for Protected Health Information.
It encompasses all individually identifiable health information in any
form or media.
Healthcare clearinghouses - act as the middleman between the insurance payers and
the healthcare providers. They check whether the medical claims (billing
documents) still contain errors, to ensure that they will be processed
properly by the insurance company to the payer. Once the claims are in order,
they are sent together with other medical records to the appropriate medical
organizations.
HITECH - Health Information Technology for Economic and Clinical Health. In the
context of HIPAA covered entities, it is an act that encourages providers
to adopt EHR and to improve the privacy and protection of data. It did this
by increasing the incentives for adopting EHR and, at the same time, increasing
the penalties for violations.
On April 14, 2003, this national standard was established to regulate the disclosure and
use of an individual's Protected Health Information or PHI. It sets the standards for the privacy
rights of individuals so that they can understand and control how their health information
will be used. The Privacy Rule regulates the use and disclosure of a person's PHI
without his/her authorization. It also gives individuals rights over
their PHI. For example, they can ask for a copy of their health records or request
changes if there are any corrections to be made.
It applies to covered entities and other medical service providers that take part in the transfer of
PHI. Some examples are:
o healthcare clearinghouses
o health insurers
o health plans sponsored by employers
____________________________________________________________________________
On January 25, 2013, the final HITECH/HIPAA rules were published in the Federal Register
(HHS Press Office, 2013). With the rules established, there is a stronger focus on
protecting an individual's privacy as well as his/her rights over his/her
health information. This greatly enhances the protection of patients' privacy and gives
them new rights to their health information. The focus shifted to the organizations that
receive PHI, since this is where compliance with the HIPAA Privacy Rule is now established.
Otherwise, if they are negligent or non-compliant, they may incur a penalty
based on their level of negligence. The focus shifted to the business associates of
individuals that receive protected health information, like contractors and subcontractors,
instead of entities that process health insurance claims. There is also an expansion of privacy
requirements, and a maximum penalty of $1.5 million for noncompliance based on
the level of negligence.
Let us now move on to the Security Rule
On April 21, 2003, the HIPAA Security Rule was established, and compliance of covered
entities was expected on April 21, 2005. This rule is flexible and scalable on the basis
of an organization's resources and size.
As in the example given there, a large corporation has different security needs
from a small medical practice. The bigger the organization, the more requirements
it has to follow, because it encompasses more health information processes.
Ex: A massive tele-health company has different security needs compared to a small medical
practice.
Remember that the Security Rule specifically focuses on electronic protected health
information, or ePHI. Its objective is to protect the privacy of an individual's PHI while
covered entities are allowed to develop their technologies for improved quality of healthcare.
--
To make it easier to differentiate the 2: the Security Rule covers only
electronic PHI. What forms? Examples are health information stored on a computer,
transmitted over the internet, and coming from a jump drive. As for oral forms,
they need to be compliant with the requirements of the Security Rule. Voice mails
or voice recordings also count here, as long as electronic applications or technology
are used.
The Privacy Rule, on the other hand, encompasses all forms of PHI. This includes:
o physical copies
o electronic copies
o oral/verbal recordings
In other words, the Security Rule takes the subset of PHI that is electronic-based.