HIPAA for Members
What is HIPAA and Why Is It Important?
"HIPAA" stands for the Health Insurance Portability and Accountability Act of 1996. The intent of "HIPAA" was:
to improve health coverage by allowing individuals to "take their insurance with them" when they changed jobs;
to combat fraud, waste and abuse; and,
to simplify the administration of health insurance
HIPAA applies to "covered entities". Covered entities are providers, e.g., doctors, hospitals, pharmacies; health insurance plans, e.g., Blue Cross/Blue Shield, United Health Care, Medicare and Medicaid, etc.; and, health care clearinghouses who assist providers with billing and health information access.
One way to accomplish this is to manage health information electronically. This would help covered entities more easily use and share data to treat you, bill for services, and run health care operations. HIPAA makes it easy to share data for these reasons, and, at the same time, limits access to your health information by requiring patient approval for other uses of the data.
Notice of Privacy Practices
One important requirement of covered entities under HIPAA is to notify you of what happens to the health information they collect, use and share. This requirement is called a "Notice of Privacy Practices". The Notice must be given to you the first time you have a provider visit or sign up for insurance coverage. It tells you:
- How they use and share your health information; and,
- What rights individuals have under HIPAA to manage their own health information.
Here are copies of the Medicaid Notice of Privacy Practices in English and Spanish.
You have the right to receive a copy of your health information. If you wish to obtain a copy of your Medicaid billing information, you may complete the following form, and submit it to the Medicaid Privacy Office, and a claims and payment report will be sent to you.
If you want Medicaid to share your billing information for any reason, you may complete the following form, and submit it to the Medicaid Privacy Office.
If you want a provider or an outside organization to share your information with Medicaid, you may complete the following form, and send it to that provider or organization for processing.
Rules and Regulations
The Privacy Rule
This rule includes regulations that require the protection of medical records and other personal health information that is collected and kept by covered entities. It regulates the use and disclosure of protected health information (PHI), whether it’s written, oral or electronic.
The Rule 1) makes sharing of information for treatment, payment and health care business operations; 2) gives patients rights to access and manage their health information, and to know where their information has been shared; and, 3) restricts the sharing of health information to the minimum necessary to accomplish a specific purpose.