Protecting the Privacy of Patients' Health Information: Overview of the Final Privacy Regulations

Denise Love, National Association of Health Data Organizations

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was signed into law by President Clinton on August 21, 1996. The purpose of the Administrative Simplification provisions of HIPAA Subtitle is to improve the efficiency and effectiveness of the healthcare system by encouraging Electronic Data Interchange (EDI) for specific administrative and financial transactions and to establish security and privacy standards. Under HIPAA, the Department of Health and Human Services (DHHS) was given the authority to develop privacy regulations if Congress failed to pass a privacy law by August 21, 1999. The final privacy rule establishes a federal floor, or minimum standard, for patient health information, which will affect health information disclosures and relationships throughout the health care industry.

Who is covered?

HIPAA privacy regulations apply primarily to health plans, health care clearinghouses, and health care providers (considered the primary sources of health information and referred to as covered entities) that transmit any health information in electronic form. The rule also applies to entities that receive such information from covered entities under contractual arrangements.

What is covered?

The privacy regulations build a fence around individually identifiable information in the hands of a covered entity that is or ever has been electronically transmitted or maintained, regardless of current format, including oral. The regulations do not apply to de-identified or aggregated health information, which has been stripped of information that can be traced to an individual.

What is the relationship to other state and federal laws?

stringent and conflicting state laws, but more protective state privacy laws will continue to apply. Legal interpretations will determine which federal laws, regulations, decisions, rules, and other state actions are impacted, and how, by this regulation. Entities which are subject to selected federal laws, such as substance abuse block grants, projects for prevention and control of sexually transmitted diseases (STDs), grants for family planning services, and maternal child health projects, will be subject to the more restrictive regulations and may in some cases be subject to parts of both laws/regulations. It is expected that most state health programs will need to modify their existing Privacy Act practices to fully comply.

Uses and Disclosures

Disclosure of health information is permitted for treatment, payment, and health care operations and for specific public purposes. The regulation provides important carve-outs for public health and health oversight purposes, as required by law, for public health, to avert serious threats to health or safety, for law enforcement, and for research. Individual authorization is not required for these disclosures.

Disclosures of identifiable data for research are permitted to access identifiable data on-site to develop a research protocol. To collect data from covered entities, researchers have several options:

- obtain individual authorization from everyone included in the study;
- secure approval from an Institutional Review Board (IRB) or Privacy Board;
- restrict research to the deceased, for which no restrictions apply; or
- limit research to de-identified health information, which is outside of the scope of the regulations.

Researchers will need to negotiate their data needs with covered entities.

How can organizations prepare?

Vendors cannot do the heavy lifting when it comes to compliance with the privacy regulations. Organizations are expected to take basic reasonable and appropriate

Digital image 2005 Marriott Library, University of Utah. All rights reserved.