The Health Insurance Portability and Accountability (HIPAA) Act of 1996 was originally enacted as part of the Social Security Act. The Department of Health and Human Services (HHS) is responsible for overseeing the implementation of the rule while the Office of Civil Rights is responsible compliance with the privacy rule.
The three main purposes of HIPAA are:
- To protect and enhance the rights of consumers by guaranteeing the security and privacy of their protected health information (PHI);
- To improve the quality of healthcare in the U.S.;
- To improve the efficiency and effectiveness of healthcare delivery.
HIPAA and its regulations (the "Privacy Rule" and the "Security Rule") govern the way certain health information is collected, maintained, used, and disclosed by Austin Community College (ACC).
The Privacy Rule:
- Gives individuals certain rights with respect to their health information. These rights include:
- The right to receive a written description of our privacy practices as they relate to their individually identifiable health information.
- The right to access their PHI as defined by the Privacy Rule and request corrections.
- The right to an accounting of disclosures of their PHI outside of Austin Community College Covered Entities unless the disclosure is for treatment, payment, health care operations, or with the authorization by the individual.
- Establishes security standards for individual health information.
- Limits how organizations can use PHI.
The Security Rule:
Unlike the Privacy Rule, which applies to protected health information in electronic, oral, and paper media, the final Security Rule applies only to electronic protected health information at rest (stored on the computer or off site) and during transmission or receipt.
- The Security Rule provides three key definitions that comprise the foundation for security of electronic health information.
- Integrity: Information has not been altered or destroyed without proper authorization.
- Confidentiality: Information is only available or disclosed to persons authorized to receive it.
- Availability: Information is accessible and usable upon demand by authorized persons.
- These three principles set the stage for the three categories of security standards:
- Physical safeguards
To meet the requirements of the Privacy and Security Rules, Austin Community College has adopted policies that govern the storage, use, and disclosure of PHI by its workforce. These policies are part of the College's Administrative Rule 3.01.005. Failure to comply with these policies may carry College, civil and/or criminal sanctions.