Master the complexities of cloud compliance with expert resources and relevant insights.

Is HIPAA Federal or State?

HIPAA: Federal or State?

HIPAA, formally known as the Health Insurance Portability and Accountability act, was signed into legislation back in the 90's. These regulations were enacted as a multi-tiered approach that set out to improve the health insurance system. HIPAA impacts just about everyone but who is enforcing it, the federal government or the state? Actually, both are! Interestingly enough, state laws will usually take precedence over the federal law if the state laws are seen as more stringent. For example,

  • California has the California Confidentiality of Medical Information that states that patients may bring legal actions for violations of the state law and have rights to compensatory and disciplinary damages. In contrast, HIPAA has no similar right of action.

  • New York grants patients access to their medical records and, similar to HIPAA, providers must provide patients this access within ten days of a written request. On the contrary to HIPAA, New York healthcare providers reserve the right to deny clinician notes and observations, which is not clearly stated in HIPAA.

  • Illinois has no clear law that anyone covered by HIPAA can deny a patient access to information. Furthermore, Illinois has patient-access laws that permit individuals to file a civil suit so while patients may seek equitable relief, damages are not applicable.

Why does HIPAA matter? Well, all healthcare entities and organizations that use, store, maintain or transmit patient health information are expected to be in complete compliance with the regulations of the HIPAA law. When completely adhered to, HIPAA regulations not only ensure privacy, reduce fraudulent activity and improve data systems but are estimated to save providers billions of dollars annually. By knowing of and preventing security risks that could result in major compliance costs, organizations are able to focus on growing their profits instead of fearing these potential audit fines.

HIPAA legislation is ever-evolving and although it may seem complicated and tedious, it is imperative that everyone is in compliance. HIPAA has many parts to it, including many rules like the HIPAA Privacy Rule and HIPAA Security Rule. Just as one must be aware of every minute part of these HIPAA directives, one must be prepared for change. With Healthcare Reform and other disruptive movements, the industry is in need of flexibility. Keep an open mind when tackling healthcare because nothing is set in stone, nor will it ever be.

Despite the complexity of our healthcare system, everyone can make an impact. By being an educated healthcare consumer, the industry is one step closer to moving from a volume-based care model to one that is purely value-based. It is time to understand healthcare, analyze behaviors and determine solutions. Why now? Because there's no better time than now.

For more information on HIPAA, check out the Datica Blog. Additional questions? Contact one of our experts today.

Need Compliance Help?

Talk to the experts.