HIPAA
Wiki Reference ~ HHS.gov Reference
???

 

Wiki Reference
Orig. Ref:http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
Privacy Rule

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L.104-191) [HIPAA] was enacted by the U.S. Congress in 1996. It was originally sponsored by Sen. Edward Kennedy (D-Mass.) and Sen. Nancy Kassebaum (R-Kan.). According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

The Administration Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.

Privacy Rule

The Privacy Rule took effect on April 14, 2003, with a one-year extension for certain "small plans". The HIPAA Privacy Rule regulates the use and disclosure of certain information held by "covered entities" (generally, health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions.)^[10] It establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information held by a covered entity which concerns health status, provision of health care, or payment for health care that can be linked to an individual.^[11] This is interpreted rather broadly and includes any part of an individual's medical record or payment history.

Covered entities must disclose PHI to the individual within 30 days upon request.^[12] They also must disclose PHI when required to do so by law, such as reporting suspected child abuse to state child welfare agencies.^[13]

A covered entity may disclose PHI to facilitate treatment, payment, or health care operations,^[14] or if the covered entity has obtained authorization from the individual.^[15] However, when a covered entity discloses any PHI, it must make a reasonable effort to disclose only the minimum necessary information required to achieve its purpose.^[16]

The Privacy Rule gives individuals the right to request that a covered entity correct any inaccurate PHI.^[17] It also requires covered entities to take reasonable steps to ensure the confidentiality of communications with individuals.^[18] For example, an individual can ask to be called at his or her work number, instead of home or cell phone number.

The Privacy Rule requires covered entities to notify individuals of uses of their PHI. Covered entities must also keep track of disclosures of PHI and document privacy policies and procedures.^[19] They must appoint a Privacy Official and a contact person^[20] responsible for receiving complaints and train all members of their workforce in procedures regarding PHI.^[21]

An individual who believes that the Privacy Rule is not being upheld can file a complaint with the Department of Health and Human Services Office for Civil Rights (OCR).^[22][23] However, according to the Wall Street Journal, the OCR has a long backlog and ignores most complaints. "Complaints of privacy violations have been piling up at the Department of Health and Human Services. Between April 2003 and Nov. 30, the agency fielded 23,896 complaints related to medical-privacy rules, but it has not yet taken any enforcement actions against hospitals, doctors, insurers or anyone else for rule violations. A spokesman for the agency says it has closed three-quarters of the complaints, typically because it found no violation or after it provided informal guidance to the parties involved."^[24]

Unfortunately many hospitals have broadly interpreted the privacy act and have not allowed patient information or condition to be released to the families of the hospitalized over the telephone even if the patient is critically ill and the family member lives out of state. Additionally strict penalty has been implemented for those (mostly nurses) who unknowingly violate HIPAA in this manner and many have been terminated from their nursing positions for accidental blunders of the hospitals interpretation of the law.

HHS.gov Reference
Original Ref: http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
Introduction ~ More Information

Introduction to HIPAA

The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. 

The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. 

Learn more about how the Privacy and Security Rules protect your health information. 

More Information About Health Information Privacy Under HIPAA

Special Topics

• Public Health
• Research
• Emergency Preparedness
• Health Information Technology
• Genetic Information

Related Links

Summary of the HIPAA Privacy Rule

Summary of the HIPAA Security Rule

Training Materials

 

| eBook References |  State References |  References for All | Power Point References |

 

If you are interested in joining our support group, use the link below to subscribe.