HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information.
HIPAA does the following:
Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
Reduces health care fraud and abuse;
Mandates industry-wide standards for health care information on electronic billing and other processes; and
Requires the protection and confidential handling of protected health information
Click below for U.S. Department of Health & Human Services official page for HIPAA related rules and regulations.
PRIME Occupational Medicine makes all reasonable efforts to comply with HIPAA — the Health Insurance Portability and Accountability Act of 1996 – and privacy regulations and State privacy laws and regulations. We take these matters very seriously and have instituted numerous internal and external measures to maximize compliance. The following related pages detail our full HIPAA and privacy program:
- HIPAA Information — General discussion about protected health information (PHI) and PRIME’s role in protecting it (PLEASE SEE HIPAA PAGE BELOW)
- Confidentiality Statement — Detailed, legal description of the requirements protecting the privacy of our patients’ health information
With the rapidly changing legislative and regulatory impacts on the healthcare environment, PRIME Occupational Medicine and its subsidiaries recognize that corporations want assurance that our organization is actively assessing our compliance with the Health Insurance Portability and Accountability Act (HIPAA). PRIME Occupational Medicine continues to implement global strategies to address HIPAA. Our goal is to protect the privacy and security of individually identifiable health information and our clients’ ability to use our services.
PRIME Occupational Medicine maintains a Regulatory/Legislative Department consisting of staff dedicated to tracking all proposed, pending, and active legislative and regulatory developments that are directly proportional to PRIME Occupational Medicine ‘s and our customers’ business needs. A primary focus of this department is to research privacy and security regulations and legislation on both the federal and state level. We are actively involved in the impact assessment of HIPAA on PRIME Occupational Medicine’s business units.
PRIME Occupational Medicine has a Privacy and Security Task Force that incorporates HIPAA and consists of individuals from the following departments: Legal, Regulatory, Finance, Human Resources, Information Technology, Risk Management, Medical, and Business Operations.
PRIME Occupational Medicine remains confident that the effort put forth will produce the results necessary to achieve our compliance goals. PRIME’s Privacy Officer welcomes the opportunity to hear from you regarding your HIPAA questions and concerns. We know that starting a dialogue with our customers will only prove to strengthen our mutual HIPAA compliance efforts.
Protecting the Privacy of Patients’ Health Information
- INFORMATION REQUIRED TO BE PROTECTED.
- The privacy of all medical records and other individually identifiable health information must be protected at all times. Information relating to a patient’s health care history, diagnosis, condition, treatment, or evaluation shall be considered individually identifiable health information. Confidentiality of this health information must be maintained at all times, and may only be disclosed with the express written consent of the patient.
- Non-individually identifiable health information, (e.g. health information that cannot be linked to a specific patient) is not included within the definition of protected health information
- BOUNDARIES ON HEALTH INFORMATION USE AND RELEASE.
- An individual’s health information can be used for health purposes only.
- Protect individually identifiable health information. PRIME Occupational Medicine shall not publish or otherwise make generally available any information or data that identifies a patient for purposes other than treatment, payment or other health care operations, without his or her express written consent. This does not restrict the internal use of such information or data that is required in the performance of the scope of work that PRIME Occupational Medicine has been engaged to perform for a client. PRIME Occupational Medicine also maintains physical, electronic, and procedural safeguards to protect individually identifiable health information. PRIME Occupational Medicine is continually assessing those safeguards and making ongoing improvements to maintain and enhance our level of security for individually identifiable health information.
- Ensure that health information is not used for non-health purposes. Patient information can be used or disclosed only for purposes of treatment, payment, and health care operations. Health information cannot be used for purposes not related to health care without explicit authorization from the patient. For example, PRIME Occupational Medicine may not access the personal health information obtained by a Prime Occupational Medicine affiliate for any purpose other than to perform the services for which we were engaged, unless PRIME Occupational Medicine first obtains the explicit authorization of the patient.
- Maintain health information in a manner to protect confidentiality. All individually identifiable health information shall be maintained by PRIME Occupational Medicine in a confidential manner that prevents unauthorized use and disclosure to third parties. For example,PRIME Occupational Medicine may share confidential information with a third party under contract or affiliated with PRIME Occupational Medicine for the same purpose of performing the services for which we were engaged, provided that the information shall remain confidential at all times and shall be shared with only those persons that have authority to receive such information.
- Penalties For Misuse of Personal Health Information
- There are serious penalties for violation of the confidentiality of health information. Please be advised of the following:
- State Penalties. Various state laws impose criminal and civil penalties on individuals who misuse or disclose individually identifiable health information without explicit consent by the patient.
- Federal Penalties. HIPAA (Health Insurance Portability and Accountability Act) is a piece of federal legislation that directly addresses the privacy and security protection of individually identifiable health information. HIPAA calls for civil and criminal penalties for privacy and security violations, including:
- Fines up to $25,000 for multiple violations of the same standard in a calendar year.
- Fines up to $250,000 and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information.
- PRIME Occupational Medicine Penalties. Any employee who violates the privacy and confidentiality of patient health information, through disclosure or otherwise, may be subject to disciplinary action, including termination of his or her employment with PRIME Occupational Medicine.