The Health Insurance Portability and Accountability Act (HIPAA) was enacted on August 21, 1996. HIPAA requires the U.S. Secretary of Health and Human Services to publicize standards for the electronic exchange, privacy and security of health information.
HIPAA protects all individually identifiable health information held or transmitted by a covered entity or its business associates, in any form or media, whether electronic, paper, or oral.
Individually identifiable health information is information, including demographic data and many common identifiers (e.g., name, address, birth date, SS#), that relates to:
- the individual’s past, present or future physical or mental health or condition,
- the provision of health care to the individual, or
- the past, present, or future payment for the provision of health care
- information about the individual that identifies the individual
The Health Information Technology for Economic and Clinical Health Act (HITECH) expanded upon HIPAA’s reach in 2009. The HITECH Act has a breach notification rule that requires reporting directly to the individuals affected by a data breach involving health care information.
Employers could also face direct liability for the mistakes of other business associates, freelancers or consultants if those parties create or receive HIPAA-protected health information to perform functions or services.
Protect your business from errors, mistakes or even negligence when handling or filing employees’ personal and health care information. Speak to a qualified agent about an Errors & Omissions policy and find out what other types of protection you may need for your business.