Introduction to HIPAA
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. This law requires covered entities (such as physicians, hospitals and health insurance companies) to protect the privacy and security of protected health information.
What information is protected under HIPAA?
HIPAA is intended to protect the privacy and security of patient medical records and other individually identifiable health information that is used or disclosed by covered entities. This information is referred to as "protected health information" or "PHI" under HIPAA. The protections of HIPAA extend to oral communications as well as information that is stored or transmitted in writing or electronically.
What boundaries does HIPAA place on the use and release of medical records?
HIPAA outlines specific instances when PHI may be used or disclosed by a covered entity without the patient’s consent. For instance, it is not necessary for a physician to seek the patient’s consent when the physician shares a patient’s PHI with the patient’s health insurance company in order to seek payment for medical services. A healthcare provider does not need a patient’s consent to share PHI with other healthcare providers involved in the patient’s care; for instance, if a patient’s primary care doctor refers the patient to a specialist for care, the primary care doctor can discuss the patient’s condition with the specialist and forward the patient’s medical record to the specialist without first seeking the patient’s consent.
Additionally, a healthcare provider or health insurance company is not required to seek a patient’s consent to disclose PHI when the disclosure is required by law. Unless the use or disclosure is allowed by HIPAA, a covered entity may not use or disclose a patient’s PHI without the patient’s authorization. In addition, covered entities are required to implement reasonable safeguards to protect PHI from unintentional disclosure and security breaches.
How does HIPAA affect me?
HIPAA affects you in several ways:
- Your healthcare providers and health insurance company are required to implement policies and procedures to protect your PHI. You are entitled to receive a notice outlining those policies and practices from your healthcare providers and health insurance companies.
- In most cases, you have the right to view and copy your own clinical records.
- You may request that your healthcare provider and health insurance company agree to certain restrictions on the use and disclosure of your PHI.
- Your healthcare provider and health insurance company may request your authorization, from time to time, to disclose your healthcare information. For instance, if you participate in a clinical trial, the physician or other healthcare provider conducting the clinical trial may be required to obtain your permission to utilize your PHI as part of the clinical trial.
- Additional information regarding your rights under HIPAA is available at http://www.hhs.gov/ocr/hipaa/consumer_summary.pdf.
How does HIPAA affect MCS?
In certain situations, MCS will contract with a covered entity (such as an insurance company) to gather PHI. In those instances, MCS must sign a Business Associate Agreement with the covered entity pursuant to which MCS agrees to protect the privacy and security of PHI gathered by MCS on behalf of the covered entity. MCS must comply with certain aspects of HIPAA. For instance, if you have contracted with MCS to collect information regarding your healthcare, it is necessary for you to complete and submit a HIPAA-compliant release form. Without that release, your physician is prohibited under HIPAA from releasing your healthcare information to MCS.
What is MCS doing to protect the privacy and security of my health information?
MCS is committed to protecting the privacy and security of your health information. We have reviewed our policies and procedures, processes, contracts, computer systems and usage, physical security, training, and all other relevant aspects of our business to ensure that we are taking steps to protect the privacy and security of your health information. Our entire employee base is fully apprised of the importance of maintaining the privacy and security of your health information. Each MCS employee who handles or has access to health information is trained when hired and receives ongoing training in privacy, security, and proper protocols to protect your health information from improper use or disclosure.
Additional information about our privacy policies is available here.
Links
- Magnus Privacy Policy
- Magnus Collection Services Privacy Policy
- HIPAA Home Page: www.hipaa.org
- US Department of Health & Human Services HIPAA Page: www.cms.hhs.gov/HIPAAGenInfo