Chris Reddick (President and CEO at Clarity Ventures) and Ron Halversen (Vice-President of Sales and Marketing at Clarity) explain the HIPAA Privacy Rule and how it can affect your business.

Part 2 of a 13-part series (Return to Part 1)

CHRIS: This is such an excellent resource, but it doesn't necessarily give you a lot of real-life examples that help piece it together. So that's really one of the things that we try to do, but it is very concise and clear on a lot of the topics. There are a few areas on the site where it's essentially contradictory, but it's just such a helpful resource to have in your back pocket and make sure you're looking at it as a source of truth for HIPAA compliance.

CHRIS: One of the main areas of HIPAA is the Privacy Rule. That's really the genesis of HIPAA, and probably the biggest thing we want to point out is what the original intention and some of the major goals behind the Privacy Rule were and are. 

You can see that right out of the gate in the introduction section here. As it's stated on this site, “a major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality healthcare and to protect the public's health and well-being.” 
 
Here's where it gets interesting. “The rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing.” And Ron, isn't this such a great summary of what we see throughout HIPAA compliant websites? There's a balance. There's some level of gray area that they're basically asking you to interpret based on the situation. 
 
So they're saying, given that the healthcare marketplace is diverse, “the rule is designed to be flexible and comprehensive, to cover the variety of uses and disclosures that need to be addressed.” So in some regards, this is really helpful, but in some regards it's also really challenging. Because, due to the nature of it being flexible and due to the nature of it striking a balance, by definition it isn't clear. It's not as opinionated as one might want, and I think that is necessary in the environment that these rules were created in, and things have been changing. 

Just think about it. The rule originally came out in 1996, that's when HIPAA law was originally passed. Here we are now approaching, what, 25 years later? It’s over 25 years later, it's been a long period of time that this has really stood the test of time as a substantial framework. 

The core concepts of privacy are what you want to take away from this. As we scroll down this page and look at some of these key aspects, one of the most important things to understand is who is covered and how are they covered by the privacy rule. This is pretty interesting. I've found in my travels on the HIPAA compliance journey that we've been on, Ron, that not a lot of people know for sure if they're actually supposed to comply with HIPAA rules, if they're required to comply with it. But I'd love for you to talk about that briefly and what your experience has been there.

RON: Yeah, it's strange. One quick example of what you said a minute ago, and I’m going to scroll back up for just three seconds. The Office for Civil Rights—if you hear us say OCR [the division of Health and Human Services dealing with HIPAA compliance for websites], we're talking about the Office for Civil Rights.

Chris had mentioned in a previous video last week or the week before, how in the last, I don't know—Chris, you can correct me, but a month or two, they made, I don't know if it's an amendment or an addendum, but they are now allowing for the telehealth sessions. As long as you are not recording, you can actually use FaceTime and some of the other things to have telehealth sessions with your doctor. But yet Zoom, where it's a recorded session, then falls under PHI because now you are storing data, right?

So they've even made adjustments as technology has changed over time. And that's what Chris is saying. It's more than 25 years old, and now they're trying to make sure that they've left room for interpretation due to the different types of organizations.

We’re dealing with all these [medical] clients. I have one client, when you're at a school and a teacher helps a special needs child, this client of ours, we help them build an application where the teacher could record their time. And all of that time gets submitted back to the state, and the state pays them for services and reimburses them for doing that. But then, all of a sudden, you're talking about special needs and you're talking about kids and their behavior. Well, does that fall under ePHI, because that's not necessarily diagnosis related, right? So that in itself is in a gray area. 

Continue to Part 3 to find out what businesses HIPAA applies to.