A Legal Guide to PRIVACY AND DATA SECURITY 2024

Use and Disclosure of Medical Information

The Health Insurance Portability and Accountability Act (HIPAA)

HIPAA does not just apply to health care providers. HIPAA governs individually identifiable health information. It applies broadly to “covered entities”, which are health plans, health care providers, and health care clearinghouses. HIPAA also can apply to data processors, pharmacy benefit managers, accountants, and many other types of organizations that come into contact with this information. These organizations can, depending on the services they provide, become “business associates” under HIPAA. This is the case even where they do not deliver health care directly but provide services to the “covered entity” using information that qualifies as “protected health information.” The U.S. Department of Health and Human Services (HHS) has issued several sets of regulations, including regulations for the privacy and security of health information, otherwise known as the “Privacy Rule”, the “Security Rule”, and the “Breach Notification Rule”.

Privacy Rule. Standards for the privacy of individually identifiable health information are set forth in the HIPAA Privacy Rule. The Privacy Rule defines this health information as “protected health information” or PHI, which includes information related to the past, present, or future physical or mental health or condition, the provision of health care to an individual, or the past, present, or future payment for such health care which is created or received by a covered entity.
The Privacy Rule limits any entity covered under HIPAA to disclosure of PHI to: (1) the individual; (2) for use in treatment, payment, or health care operations; (3) for certain purposes where an individual has been given an opportunity to object or opt-out; (4) when required by law or in accordance with other strong public interest policies (such as law enforcement or in the course of judicial or administrative proceedings); (5) for other purposes pursuant to an “authorization” that meets certain requirements spelled out in the Privacy Rule; or (6) certain other limited purposes.
