HIPAA - Health Insurance Portability and Accountability Act
HIPAA is the Health Insurance Portability and Accountability Act of 2003 (Privacy) and 2005 (Security). This act includes the HIPAA privacy and security rules created to establish national standards to protect individuals' medical records and other protected health information (PHI).
Those required to comply with these standards set by Congress include health plans, healthcare clearinghouses and healthcare providers who conduct certain financial and administrative transactions electronically. These entities (collectively called "covered entities") are bound by the standards even if they contract with others (called "business associates") to perform some of their essential functions.
In compliance with these regulations, Baptist Health:
- Provides information to patients about their privacy rights and how their information can be used.
- Has privacy/security policies and procedures for its practice or hospital.
- Trains employees so that they understand the policies and procedures.
- Employs a Privacy Officer and a Chief Information Security Officer to be responsible for seeing that the policies and procedures are adopted and followed.
- Secures patient records containing PHI so that the records are not readily available to those who do not need them.
The American Recovery and Reinvestment Act of 2009 contains a set of provisions known as the Health Information Technology for Economic and Clinical Health Act (HITECH Act). This Act modifies the existing HIPAA privacy and security requirements as follows:
- Increases civil monetary penalties for HIPAA violations.
- Requires business associates to comply with the HIPAA Security Rules.
- Defines what constitutes a breach and the notification requirements for certain breaches to be reported to patients, the media and the Office of Civil Rights.
- Imposes restrictions on certain types of disclosures (e.g. sale, marketing of PHI).
To report a privacy/security violation or to request additional information, please contact the Privacy Office at 501-202-1323 or by email at Kathy.Roberts@baptist-health.org.