Monthly Archives: September 2004

HIPAA Privacy – Obtaining Authorization

A covered entity must obtain the individual’s written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule. A covered entity may not condition treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization,…

HIPAA – Permitted Uses and Disclosures

A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures) A covered entity may disclose protected health information to the individual who is the subject of the information….

HIPAA Permitted Disclosures – Public Interest and Benefit Activities

The Privacy Rule permits use and disclosure of protected health information, without an individual’s authorization or permission, for 12 national priority purposes. These disclosures are permitted, although not required, by the Rule in recognition of the important uses made of health information outside of the health care context. Specific conditions or limitations apply to each public interest purpose, striking the balance between the individual privacy interest and the public interest need for this information.

HIPAA Permitted Disclosures – Opportunity to Agree or Object

Uses and Disclosures with Opportunity to Agree or Object Informal permission may be obtained by asking the individual outright, or by circumstances that clearly give the individual the opportunity to agree, acquiesce, or object. Where the individual is incapacitated, in an emergency situation, or not available, covered entities generally may make such uses and disclosures,…

HIPAA Permitted Disclosures – Treatment, Payment, and Health Care Operations

(2) Treatment, Payment, Health Care Operations. A covered entity may use and disclose protected health information for its own treatment, payment, and health care operations activities.19 A covered entity also may disclose protected health information for the treatment activities of any health care provider, the payment activities of another covered entity and of any health…

HIPAA – Disclosure Principles

Basic Principle A major purpose of the Privacy Rule is to define and limit the circumstances in which an individual’s protected heath information may be used or disclosed by covered entities. A covered entity may not use or disclose protected health information, except either: (1) as the Privacy Rule permits or requires; or (2) as…

HIPAA – Information Protected

Protected Health Information The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).” “Individually identifiable health information” is information, including demographic data, that relates to:…

HIPAA Business Associates (Defined)

In general, a business associate is a person or organization, other than a member of a covered entity’s workforce, that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of individually identifiable health information. Business associate functions or activities on behalf of…

HIPAA Privacy Rules – Who is Covered?

The Privacy Rule, as well as all the Administrative Simplification rules, apply to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”). Health Plans Individual and group plans…

HIPAA Law Background

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), PublicLaw 104-191, was enacted on August 21, 1996. Sections 261 through 264 of HIPAA require the Secretary of HHS to publicize standards for the electronic exchange, privacy and security of health information. Collectively these are known as the Administrative Simplification provisions. HIPAA required the Secretary…

HIPAA Privacy – Introduction

The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996…

Overview of Standards for Privacy of Individually Identifiable Health Information

Originally published by the US Government’s Office of Civil Revised April 3, 2003 The following overview provides answers to general questions regarding the Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule), promulgated by the Department of Health and Human Services (HHS). To improve the efficiency and effectiveness of the health care system,…

HIPAA Blog

Welcome to HIPAA Blog – Your guide to HIPAA Compliance and Medical Privacy!