HIPAA REGULATIONS: PRIVACY RULE

For most covered entities, the Privacy Rule compliance date is April 14, 2003; however, certain small health plans have until April 14, 2004. The approved HIPAA privacy rule provides minimum applicable standards in the area of protecting a patient's right to privacy. More stringent state laws supercede this rule to ensure the highest level of patient privacy possible in every instance. This rule creates national standards to protect individual medical records and other personal health information regardless of the format (electronic, paper or verbal). Privacy rules impact how and to whom data is disclosed, while the security rule impacts the physical safety of that data. These rules work together and should be treated as a unit during the implementation of any HIPAA compliance strategy.

This rule provides individuals with significant control over their health information. As a result, patients can request restrictions on the use and disclosure of their health information, have the right to review and copy their medical records, and can request that appropriate amendments or corrections be made to their medical records.

Additionally, the rule balances public responsibility with privacy protections by setting boundaries on medical record use and release. Specifically, healthcare providers and health plans must inform patients and/or plan members of their business practices concerning the use and/or disclosure of health information. The rule further ensures the security of personal health information by requiring covered entities to adopt written privacy procedures, train their employees in these privacy procedures and designate a privacy officer.

Currently, the DHHS has proposed modifications to this standard that strengthen notice provisions while also removing consent requirements that were felt to hinder necessary access to care. In their current form these proposed modifications also maintain the minimum necessary rule, allow for treatment related conversations, assure appropriate parental access to minors records, prohibit the use of records for marketing purposes, assure privacy without impeding research, provide model business associate provisions and simplify authorization requirements.

Further information

To discuss your particular requirements, or for further information on Equivus products and services, please feel welcome to call us on 866.378.4887. Alternatively please email info@Equivus.com.

© 2000 EQUIVUS, Inc. All Rights Reserved Powered by Equivus Hosting Services

Home | About Equivus | Products & Services | News | Careers | Support | Contact | Search | Site Map