HIPAA FAQ
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a U.S. federal law designed to safeguard sensitive patient health information. It gives patients more control over their health information, sets boundaries on how that information may be used and disclosed, and holds those who have access to it accountable for inappropriate use or disclosure.
What rights do patients get because of HIPAA?
- The right to have their medical information protected.
- The right to see and obtain a copy of their medical records. In certain limited situations (for example, a provider's psychotherapy notes) consumers may not be able to see every part of their record.
- The right to ask that incorrect or incomplete information in their record be corrected.
- The right to know how their medical information is used and shared. A doctor may be permitted to share information without the patient's permission only in circumstances the Privacy Rule allows, such as for treatment, payment, or health care operations, or where disclosure is required by law.
- The right to request an accounting of disclosures: a list of certain occasions on which their medical information was shared outside the provider and with whom.
- The right to request how and where they are contacted (for example, by phone at work rather than by mail at home).
- The right to request restrictions on how their medical information is used and with whom it is shared. A provider is not required to agree to every such request.
- The right to file a complaint if they believe their rights have been violated.
- The right to an electronic copy of their information if the health care provider maintains records electronically.
- If a patient pays out of pocket in full for a service, the right to ask that the provider not send information about that service to their health plan.
- The right to opt out of fundraising communications.
- The right to have their doctor obtain permission before sending them information about new medical products for which the doctor is paid to advertise.
- The right not to have their medical information sold without their authorization. There are a few exceptions to this.
Who must comply with HIPAA laws?
Covered Entities:
- Health Plans - Health insurance companies, HMOs, company health plans, and government programs that pay for health care such as Medicare and Medicaid.
- Most Health Care Providers - Those that transmit health information electronically in connection with certain transactions (for example, claims or eligibility checks), such as doctors, clinics, hospitals, pharmacies, nursing homes, etc.
- Health Care Clearinghouses - Entities that translate nonstandard health information they receive from another entity into a standard format (or the reverse).
Business associates:
A person or organization outside a covered entity's workforce that creates, receives, maintains, or transmits health information while providing a service to the covered entity. Subcontractors of a business associate that handle the same information are business associates too. - EX: Billing companies, companies that administer health plans, lawyers, accountants, IT providers, companies that store or destroy medical records, etc.
Who does not need to follow HIPAA laws?
- Life insurers.
- Employers, with respect to the employment records they hold (an employer-sponsored health plan is still a covered entity).
- Workers' compensation carriers.
- Most schools and school districts.
- Many state agencies, such as child protective services.
- Most law enforcement agencies.
- Many municipal offices.
What kind of information is protected under HIPAA?
- Information your doctors, nurses, and other health care providers put in your medical record.
- Conversations your doctor has with nurses and other providers about your care or treatment.
- Information your health insurer has about you.
- Billing information about you held by your provider or health plan.
How does an organization get HIPAA certified?
There is no official HIPAA certification. An organization is HIPAA compliant when it follows the HIPAA rules, including the Security Rule safeguards in 45 CFR 164.306, 164.308, 164.310, 164.312, and 164.314 (general requirements, administrative safeguards, physical safeguards, technical safeguards, and organizational requirements) as well as the Privacy Rule and the Breach Notification Rule. Private companies sell "HIPAA compliance certifications," but these are not recognized by the U.S. Department of Health and Human Services (HHS), which enforces HIPAA. In practice, organizations perform a self-evaluation, including the risk analysis the Security Rule requires, to confirm they are compliant and document the result.
What has Metadot/Mojo Helpdesk done to be HIPAA compliant?
We have performed a self-evaluation to ensure that we are compliant with HIPAA guidelines, and we hold all of our business associates to the same standards.