Health Insurance Portability & Accountability Act
DOH’S HIPAA INFORMATION PRIVACY AND SECURITY
In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). One component of HIPAA was to streamline the process to exchange information and to make health information more readily accessible to patients.
The HIPAA Privacy Rule went into effect in April 2003 and created a federal standard for protecting the privacy of health information. The Privacy Rule also requires DOH to comply with Florida laws that provide greater protection to patients.
HIPAA and You
The Privacy Rule generally prohibits the use and disclosure of health information without written permission from the patient. The Privacy Rule also gives patients rights to access their medical and billing records, request amendments to those records, and obtain an accounting of disclosures of protected health information. The Department’s Notice of Privacy Practices further describes the use and disclosure of patient medical information and how patients may obtain access to their information.
What is PHI?
PHI is defined as any health information created or received by a health care provider that: (1) identifies an individual; and (2) relates to that individual’s past, present, or future physical or mental health condition or to payment for health care.
Protected health information includes information in any form or medium, from a paper medical record to a conversation between colleagues consulting on the care of a patient.
What does the Privacy Rule require?
The Privacy Rule prohibits the use or disclosure of protected health information (PHI) unless the patient has signed an authorization to disclose PHI.
What is the Notice of Privacy Practices?
The Notice of Privacy Practices explains to patients the ways DOH is allowed to use a patient’s protected health information and lists the rights patients have with respect to their health information.
What is an Authorization to Disclose?
A written document signed by the patient giving permission for a health care provider to disclose PHI to specified individuals and/or entities. A patient’s authorization to disclose is not required for the following purposes:
- For the treatment of a patient
- For payment of or billing for services
- For health care operations (for example, quality assurance, credentialing, audits, compliance monitoring)
Protected health information may also be provided to patient caregivers (for example, family members), but only if the patient expressly agrees or impliedly consents.
Certain disclosures may also be made by a health care provider without patient authorization to accomplish public health activities and other permitted uses as set forth in the Privacy Rule. “Consumer information is not shared with third-parties for marketing purposes” and explains why and how customer information is collected.
Messaging Disclosure
Acknowledgement of the following consent: “I hereby consent to receive SMS text messages from Great Smile Dental from 772-877-3066, regarding appointment reminders, treatment updates, general two-way communication and important practice information on my mobile phone number. I understand that I can opt out of receiving these messages at any time by replying ‘STOP’ to a text from Great Smile Dental or ‘HELP’ for support. I acknowledge that standard message and data rates may apply. Msg frequency varies. Msg & data rates may apply. Consumer information is not shared with third parties for marketing purposes.”