About Us
HealthInsurancePlus.com HIPAA Privacy Policy and Compliance Statement
HIPAA regulations dictate the process by which we handle protected health information.
In many cases, we do not request, nor require you to release your confidental medical
records to us, HealthInsurancePlus.com. However, ALL insurance companies include
in their application requriements, a release of medical information to them. Even
though the insurer often requests and reviews your medical records, HealthInsurancePlus.com
is not privy to those records. The medical information you provide on your insurance
application is not covered under HIPAA protection, however we use secure servers
and data conections, and idata encryption to store your personal information including
any information provided on forms or applications, or records of telephone conversations
and email. The information you provide to us we keep in the strictest confidence.
We never release, share or sell your confidental or personal information. HealthInsurancePlus.com
takes our responsability to protect the privacy of your personal health information
very seriously.
We do not request that you sign a HIPAA release to authorize us to review your medical
information in most cases. However, in dealing with declined cases, or complicated
medical underwriting, HealthInsurancePlus.com may in some instances request that
you sign a second HIPAA release form so that the insurer may release your confidental
medical information to us. We use the specific reason for your decline or rate increase
to advise you in your health insurance options. We do not retain a copy of your
medical records. HealthInsurancePlus.com will only use the specific information
used to decline or uprate your case to help you find suitable other coverage. It
is completely optional to sign a HIPAA release.
Please see our Privacy Policy and for more information
on your HIPAA rights, visit http://www.hhs.gov/ocr/hipaa/.
HIPAA Privacy Policy Introduction
The Standards for Privacy of Individually Identifiable Health Information
("Privacy Rule") establishes, for the first time, a set of national standards for
the protection of certain health information. The Privacy Rule standards address
the use and disclosure of individuals' health information—called "protected health
information" by organizations subject to the Privacy Rule as well as standards for
individuals' privacy rights to understand and control how their health information
is used.
A major goal of the Privacy Rule is to assure that individuals' health information
is properly protected while allowing the flow of health information needed to provide
and promote high quality health care and to protect the public's health and well
being.
To review the entire Rule itself, and for other additional helpful information about
how it applies, visit the United States Department of Health & Human Services
website, under Office for Civil Rights-HIPAA.
Statutory & Regulatory Background
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public
Law 104-191, was enacted on August 21, 1996. Sections 261 through 264 of HIPAA require
the Secretary of HHS to publicize standards for the electronic exchange, privacy
and security of health information. Collectively these are known as the Administrative
Simplification provisions.
HIPAA required the Secretary to issue privacy regulations governing individually
identifiable health information, if Congress did not enact privacy legislation within
three years of the passage of HIPAA. Because Congress did not enact privacy legislation,
HHS developed a proposed rule and released it for public comment on November 3,
1999. The final regulation, the Privacy Rule, was published December 28, 2000.
Who is Covered by the Privacy Rule?
Health Plans
Individual and group plans that provide or pay the cost of medical care
are covered entities. Health plans include health, dental, vision, and prescription
drug insurers, health maintenance organization ("HMO's"), Medicare, Medicaid, Medicare+Choice
and Medicare supplement insurers and long-term care insurers (excluding nursing
home fixed-indemnity policies). Health plans also include employer-sponsored group
health plans, government and church-sponsored health plans, and multi-employer health
plans. There are exceptions—a group health plan with less than 50 participants that
is administered solely by the employer that established and maintains the plan is
not a covered entity. Two types of government-funded programs are not health plans:
(1) those whose principal purpose is not providing or paying the cost of health
care, such as the food stamps program; and (2) those programs whose principal activity
is directly providing health care, such as a community health center, or the making
of grants to fund the direct provision of health care. Certain types of insurance
entities are also not health plans, including entities providing only worker's compensation,
automobile insurance, and property and casualty insurance.
Health Care Providers
Every health care provider, regardless of size, who electronically transmits
health information in connection with certain transactions, is a covered entity.
These transactions include claims, benefit eligibility inquiries, referral authorization
requests, or other transactions for which HHS has established standards under the
HIPAA Transactions Rule.
Health Care Clearinghouses
Health care clearinghouses are entities that process nonstandard
information they receive from another entity.
Business Associates
Sample business associate contract language is available on the United
States Department of Health & Human Services website, under Office for Civil
Rights-HIPAA, at: http://www.hhs.gov/ocr/hipaa/
Business Associates Defined
A business associate is a person or organization other than a member of
a covered entity's workforce that performs certain functions that involve the use
or disclosure of individually identifiable health information. Business associate
services to a covered entity are limited to legal, actuarial, accounting, consulting,
data aggregation, management, administrative, accreditation, or financial services.
What Information is Protected?
The Privacy Rule protects all "individually identifiable health information"
held or transmitted by a covered entity or its business associate, in any form or
media, whether electronic, paper, or oral.
The above information is a technical release from the Department of Labor and PWBA
Office of Regulations and Interpretations.
Back to HealthInsurancePlus.com