SEARCH - (members only)
about us | membership | vendors | events | contact | site map       
    HIPAA
    AudioChats
    eLearning
    Publications
    Links
     Listserve
   EHealth
     AudioChats
     Video Seminars
     Publications
    Links
    Listserve
   Presentations
   A/V Interviews
   HHS/HCFA Videos
   Tools 
     OPPS
     Publications
     Links
    Listserve Archives
    Staff Assistance
   HIPAA FAQ
    EHealth FAQ


 

Rx2000 Institute
11824 Wayzata Blvd
Minneapolis, MN 55305
Phone: 952-595-9551
FAX: 952-513-1544

GovLink
 Please notify us if you see additional Government-related 
updates . To contact the Rx2000 Institute,  
click here

Volume 3 Issue 9

Dr. Thomas E. Colonna

Editor-in-Chief

HHS Issues Final HIPAA Privacy Regulations:

The Department of Health & Human Services (HHS) issued final privacy regulations for health information mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Highlights of the final privacy regulations include:
  • The privacy regulations cover all individually identifiable health information, electronic records, paper records, or oral communication.
  • Providers will need to obtain a patient’s consent to the disclosure or use of the patient’s health information for ordinary activities such as treatment, payment and the entity’s own operations.
  • The regulations will permit providers and related foundations to use limited patient information, without patient authorization, in connection with their fundraising activities.
  • Before employer sponsored health plans share protected health information with the employer, there must be specific restrictions on the employer’s use and disclosure of the information.
  • Healthcare providers and insurance companies will be required to rewrite contracts with business partners-including attorneys, auditors, and consultants-to make sure that they adhere to the privacy rules. Healthcare providers will be responsible for the partners’ violations only if they had knowledge of such violations.
  • Patients will have the right to inspect and copy their medical records, as well as to request amendments and corrections to their records.
  • Healthcare providers and plans will be required tell patients about how their information is being used and who it is being disclosed to.
  • Healthcare providers and plans will be required to restrict the amount of information used or disclosed to the "minimum necessary" to achieve the purpose of the use or disclosure.
  • Healthcare providers and plans will be required to establish privacy-conscious business practices. These include training staff about privacy issues, designating a "privacy officer", and making sure that the appropriate safeguards are in place to protect health information.
  • The regulations do not provide for a private right of action permitting patients to sue for violations, but do contain both civil and criminal penalties for violation, including fines and imprisonment (e.g., a fine of up to $250,000 and imprisonment for up to 10 years for knowingly disclosing or obtaining protected health information if done for commercial or personal gain or for malicious harm).

The regulations become effective in February 2003. For a more information regarding the new HIPAA privacy regulations, visit http://aspe.os.dhhs.gov/admnsimp/.

 

(click here to return to GovLink main page)

 


 

Knowledge Center | GovLink | Support Center
   
 about us | membership | vendors | events | contact | site map | privacy
FAQs | Rx2000 FAQ | HIPPA FAQ | eHealth FAQ       

Copyright © 1996-2000 Rx2000 Institute.  All Rights Reserved
Rx2000 Institute is an independent, non-profit, member-supported information clearinghouse,
improving healthcare cost and quality.