HIPAA General Information

Privacy Rule

In response to the HIPAA mandate, HHS published a final regulation in the form of the Privacy Rule in December 2000, which became effective on April 14, 2001. This Rule set national standards for the protection of health information, as applied to the three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct certain health care transactions electronically. As such, Stony Brook University Medical Center must implement standards to protect and guard against the misuse of individually identifiable health information.

The Privacy Rule establishes, for the first time, a foundation of Federal protections for the privacy of protected health information. The Rule does not replace Federal, State, or other law that grants individuals even greater privacy protections, and covered entities are free to retain or adopt more protective policies or practices.


Q: What does the HIPAA Privacy Rule do?

  • The HIPAA Privacy Rule for the first time creates national standards to protect individuals' medical records and other personal health information.
    • It gives patients more control over their health information.
    • It sets boundaries on the use and release of health records.
    • It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
    • It holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients' privacy rights.
    • And it strikes a balance when public responsibility supports disclosure of some forms of data - for example, to protect public health.

  • For patients, it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.
    • It enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.
    • It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.
    • It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.
    • It empowers individuals to control certain uses and disclosures of their health information.


Source: Office for Civil Rights Guidance. December 3, 2002

Complete Regulation Text for Privacy Rule (Parts 160 and 164), as modified (05/31/02, 08/14/02) published by the Office for Civil Rights (OCR): http://www.hhs.gov/ocr/privacy

Security

Private health plans, health care providers, and health care clearinghouses must assure their customers (such as patients, the insured, providers, and health care plans) that the health care information they electronically collect, maintain, use, or transmit is kept confidential and private. Security of health information is especially important when that information can be directly linked to an individual. Confidentiality is threatened not only by the risk of improper access to electronically stored information, but also by the risk of interception while the information is transmitted electronically.

The Security Rule requires health plans, health care clearinghouses, and health care providers to have security standards in place to comply with the statutory requirement that health care information, including individually identifiable health care information, be protected to ensure privacy and confidentiality whenever it is electronically stored, maintained, or transmitted.

Source: Federal Register: August 12, 1998 (Volume 63, Number 155)

For more information please visit: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule

Copyright © 2024, Stony Brook University Hospital. All rights reserved

Last Updated: 10/17/2024