Is HIPAA Privacy a Federal Law?
The Health Insurance Portability and Accountability Act (HIPAA) is one of the most talked-about yet little understood regulations today.
While you’ve certainly heard of it, you may wonder if HIPAA privacy is a federal law or what constitutes a HIPAA violation. So, here’s a closer look to help clear things up.

Is the HIPAA Privacy Rule a Federal Law?
First things first: is HIPAA privacy a federal law? The short answer is yes, but that can create some confusion without further explanation. While it is a federal law, several state and federal laws can preempt HIPAA regulations when they conflict.
When most people think of HIPAA, they think about its Privacy Rule, an amendment that came later to protect patient privacy. State laws can override the HIPAA Privacy Rule if they’re more stringent. If a state’s regulations cover more data types or have higher reporting requirements, they overrule HIPAA.

Similarly, state and federal laws can preempt the other parts of HIPAA, most of which apply to how insurance works. Generally speaking, whichever regulation is stricter takes precedence. Since HIPAA is fairly open-ended, it often takes a backseat to other laws.
What Are the 3 Major Things Addressed in HIPAA Law?
You may also wonder what the three major things HIPAA law addresses are. Most answers you’ll find to this question cite administrative, technical and physical protection, but this is a relatively small part of the law. HIPAA talks about these safeguards for just 13 lines in the original text.
The three major things addressed in the HIPAA law as a whole are:

The Privacy Rule and related security measures fall under the first and second goals. Overall, though, HIPAA takes a broader approach, trying to expand healthcare access and protect patients, mostly in terms of their insurance.
Who and What Does HIPAA Apply To?
For most people, the most relevant parts of HIPAA are the regulations over their privacy. There’s a lot of misunderstanding around this area, too. Many people think HIPAA applies to some information; it doesn’t.
The HIPAA Privacy Rule covers personal health information, or PHI, which includes any information you can trace back to an individual, like names, medical information, and contact info. In general, HIPAA requires “covered entities” to get your permission before sharing this PHI with anyone else.

What most people get wrong about HIPAA is who it applies to. The covered entities that HIPAA regulates include three main parties: health plans (like insurers), healthcare providers, and healthcare clearinghouses. Some partners and business associates of these parties may fall under HIPAA, too, if they can access your PHI.
While PHI’s scope is fairly broad, covered entities aren’t. HIPAA Privacy Rule exceptions include your employer, most schools, law enforcement, most websites, and most non-healthcare businesses. These parties can generally collect and share your information as they please, as long as other regulations don’t get in the way.

Examples of HIPAA Violations and Exceptions
So, what is an actual HIPAA violation? Some of the most common examples are healthcare data breaches. Now, if a hospital suffers a security breach that exposes patient data, it’s not necessarily a violation. However, if it’s the result of insufficient protection or they didn’t disclose it properly, it is.
In 2020, The National Law Review reported that healthcare technology company CHSPSC had to pay $2.3 million for a breach-related HIPAA violation. After a hacker compromised six million patients’ data by targeting the system, investigators found CHSPSC didn’t meet HIPAA security standards. Since they failed to provide the proper protection for this information, resulting in a breach, they violated the law.
By contrast, if marketers use your medical-related internet searches to target ads to you, it’s not a HIPAA violation. The websites gathering your search activity aren’t covered entities, so they don’t need your explicit permission to share that data with marketers.
HIPAA Can Be Complicated
Like many laws, HIPAA is complicated. Privacy Rule exceptions are more common than you may think, and HIPAA itself covers far more than just security. Consequently, with so much misinformation around, it can be hard to know what is and isn’t legal.
These are just a few examples of what HIPAA covers. As regulatory discussions continue, the law may evolve, too. In any case, remember to take data privacy into your own hands and be careful about what you share.