A Legal Guide to PRIVACY AND DATA SECURITY 2024

Data Covered. Protected health information or PHI is individually identifiable health information that is maintained or transmitted by a covered entity or business associate.

General Obligations. HIPAA regulates the use and disclosure of PHI and the collection, use, maintenance, or transmission of electronic PHI, and requires that covered entities provide a “notice of privacy practices” that meets certain regulatory guidelines and is intended to inform consumers how their health information will be used and disclosed as part of receiving services from a provider or obtaining coverage from a health plan. In addition, HIPAA establishes certain “individual rights” (such as the individual’s right to access PHI, or request an amendment of PHI, in a designated record set).

HIPAA Requirements. HIPAA requires (with some exceptions) that covered entities: 1) use, request, and disclose only the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request (Privacy Rule); 2) implement data security procedures, protocols, and policies at administrative, technical, physical, and organizational levels to protect electronic PHI (Security Rule); 3) comply with uniform standards created for certain electronic transactions (Transactions Rule); and 4) notify individuals if there is a breach of unsecured PHI (and requires that business associates notify covered entities in the event of a breach) (Breach Notification Rule).

Notice and Disclosure Requirements. The HIPAA Privacy Rule requires that each covered entity provide notice to individuals of its privacy practices and of the individuals’ rights under HIPAA, generally on the first visit for treatment. The Privacy Rule sets out specific requirements for the contents and method of the notice of privacy practices.

Individual Access to Collected Data. Under HIPAA, individuals have the right (with some exceptions) to: 1) request access to their PHI; 2) make corrections to their PHI; and 3) request an accounting of the manner in which their PHI has been disclosed. There is an obligation for covered
