HIPAA
HIPAA for Members
What is HIPAA and Why Is It Important?
"HIPAA" stands for the Health Insurance Portability and Accountability Act of 1996. The intent of "HIPAA" is:
- to improve health coverage by allowing individuals to "take their insurance with them" when they change jobs.
- to combat fraud, waste and abuse; and,
- to simplify the administration of health insurance
HIPAA applies to "covered entities". Covered entities are providers, e.g., doctors, hospitals, pharmacies; health insurance plans, e.g., Blue Cross/Blue Shield, United Health Care, Medicare and Medicaid, etc.; and health care clearinghouses who assist providers with billing and health information access.
One way to accomplish this is to manage health information electronically. This would help covered entities more easily use and share data to treat you, bill for services, and run health care operations. HIPAA makes it easy to share data for these reasons, and, at the same time, limits access to your health information by requiring patient approval for other uses of the data.
Notice of Privacy Practices
One important requirement of covered entities under HIPAA is that you be notified about what happens to the health information they collect, use and share. This requirement is called a "Notice of Privacy Practices". The Notice must be given to you the first time you sign up for Medicaid or visit your provider. It tells you:
- How Medicaid uses and shares your health information; and,
- What rights you have under HIPAA to manage your own health information.
Here are copies of the Medicaid Notice of Privacy Practices in English and Spanish.
Rules and Regulations
The Privacy Rule
This rule includes regulations that require the protection of medical records and other personal health information that is collected and kept by covered entities. It regulates the use and disclosure of protected health information (PHI), whether it’s written, oral or electronic.
The Rule 1) makes sharing of information for treatment, payment and health care business operations; 2) gives patients rights to access and manage their health information, and to know where their information has been shared; and, 3) restricts the sharing of health information to the minimum necessary to accomplish a specific purpose.
The Security Rule
The Breach Notification Rule
Utah Health Information Rules
Forms
You have the right to receive a copy of your health information and to authorize Medicaid to share your information with a third party. .You may use the following form to:
- obtain a copy of your Medicaid billing information
- have Medicaid share your billing information for any reason, or
- request that a provider or outside organization share your information with Medicaid.
Member Authorization to Request Release of PHI
If you have questions about HIPAA, about how Medicaid uses and discloses your health information, or about your rights to manage your own health information, contact the Medicaid Privacy and Security Office at: dih_medicaidprivacy@utah.gov.