Health Insurance Portability & Accountability Act
In 1996, Congress enacted the Health Insurance Portability and Accountability Act (“HIPAA”) to improve the efficiency and effectiveness of the health care system. HIPAA authorizes the United States Department of Health and Human Services (“HHS”) to adopt national standards designed to ensure the security and privacy of individuals’ health information. As required by HIPAA, HHS issued the Standard for Privacy of Individually Identifiable Heath Information (the “Privacy Rule”) and the Security Standards for the Protection of Electronic Protected Health Information (the “Security Rule”). The Privacy Rule established national standards for the use and disclosure of individually identifiable health information-called “protected health information” or “PHI”, as well as standards for individuals’ privacy rights to understand and control how their health information is used. The Security Rule established a national set of security standards for protecting certain health information that is held or transferred in electronic form. HIPAA and the Privacy and Security Rules were updated in 2009 under the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”) and again in 2013 under the Omnibus Rule. HIPAA, the Privacy and Security Rules, HITECH Act and the Omnibus Rule are collectively referred to as the HIPAA Rules.
Protected health information (“PHI”) is information, including demographic data that relates to an individual’s past, present or future physical or mental health or condition, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual, and identifies the individual.
In fulfilling the various functions and missions of Madison County (the “County”), certain County departments come into possession of, use and disclose PHI. The County is committed to compliance with all applicable laws and regulations including, but not limited to, the HIPAA Rules. On December 17, 2020, the Madison County Board of Supervisors approved the Madison County HIPAA/HITECH Compliance Policies and Procedures Manual that is effective January 1, 2021.