HIPAA
Learn about our practices and privacy policies in compliance with the Health Insurance Portability and Accountability Act (HIPAA). We always abide by best practices in compliance with HIPAA and all applicable laws.
HIPAA (Health Insurance Portability and Accountability Act)
It entered into force on April 14, 2003, directly impacting the administrative practice of medicine, the doctor-patient relationship and how the finances work within the healthcare industry. This act was created to regulate and reform some aspects of the health insurance market and simplify administrative processes related to health. It also guarantees the right to privacy and confidentiality of patient health information. HIPAA represents security, confidentiality and reducing fraud incidence while facilitating transactions between health plans and increasing efficiency and effectiveness in the healthcare industry.
The five sections of HIPAA:
Title I: Health Insurance Reform
Title I allows people to take their health insurance from one job to another and avoid having a lapse in coverage. It also restricts health care plans from rejecting people with pre-existing medical conditions who move from one health care plan to another.
Title II: Administrative Simplification
Its purpose is to fight health care fraud and abuse; ensure the security and privacy of health information; assign codes for various medical conditions and treatments, assign codes to billing transactions and transactions between health care plans; establish standards for information, medical transactions and reduce health care costs by standardizing the way the industry communicates information.
Title III: Tax Related Health Provisions
Title III provides for certain deductions for medical insurance, and makes other changes to health insurance law.
Title IV: Application and Enforcement of Health Plan Requirements
Title IV specifies conditions for group health plans regarding coverage of persons with pre-existing conditions, and modifies continuation of coverage requirements.
Title V: Revenue Offsets
Title V includes regulations on how employers can deduct premiums from the company’s life insurance policies for tax purposes.
Provider requirements to comply with HIPAA
- Guarantee of patient privacy rights:
- This includes providing each patient a clear explanation in writing on how their health information may be used and shared
- All providers need to ensure that each patient can view and obtain a copy of their records and request corrections
- It is required to keep a history of non-routine disclosures accessible to patients
- Providers must obtain the consent of a patient if they need to share patient information for treatment, payment and medical care activities
- It is mandatory to obtain the patient’s authorization for non-routine disclosures and the majority of non-health care related purposes
- It is also required to allow patients to request restrictions on the use and the way their information is shared
- Integration of Privacy Procedure in writing that include:
- Who has access to protected information
- How it will be used within the agency
- When the information will be disclosed
- Ensuring that business partners protect the privacy of health information
- Training employees on the provider’s privacy procedures
- Designating a privacy officer responsible for ensuring that safety procedures are met
Safety Standards Categories
Administrative: Administrative functions such as policies and procedures support the compliance process with the standards of the law. This includes a number of measures that protect the Protected Health Information (PHI) and that guide the conduct of the workforce regarding the protection of information. It entails that it be in force or the implementation of processes such as: Analysis and Risk Management, Security Trainings, sanctions policy.
Physical: Mechanisms to protect access to places, equipment and systems in which protected health information is stored electronically. This includes protection from environmental threats, to the access of unauthorized persons.
Technical: Primarily automated processes to control the access and unauthorized use of information. It includes the use of access control mechanisms and user identification to verify that personnel using the information system have the proper authorization.
Our Commitment to Medical Information
Best Option Healthcare Puerto Rico, Inc. will use or disclose protected health information to provide treatment, obtain payment for treatment, for administrative purposes and to evaluate the quality of care received. The protected health information for each patient is part of your medical record which is in turn under the control and physical property of the organization. However, the information in the record is your property and belongs exclusively to each patient.
The protected health information is information that the organization creates or obtains by providing their services. This information may include documentation of symptoms, examinations, test results, diagnoses, treatments or requests for care or treatment. It also includes all documentation related to the billing of services rendered.
We understand that the medical information concerning our patients is confidential and personal, so we are committed to protecting this information. Our office creates a file on the service that the patient receives. We need this record to provide patients with quality care while complying with all legal requirements. This notification applies to all patient records generated in the office. The notification informs patients about different ways in which we may use and disclose medical information. It also describes the patient’s rights and the obligations that the office has regarding to the use and disclosure of health information.
By law, there is an obligation to secure patient health information and to keep it private. We must also offer the patient a notification of our legal responsibilities and privacy policies with respect to their health information. We will follow these regulations at all times, according to the requirements of the patient’s notification.