- Coverage of Providers
- What of your information is covered?
- What does the rule mean by “health information?”
- When is such information “individually identifiable?”
- Can it be “de-identified?”
|Name||health plan beneficiary number|
|Names of relatives||certificate/license number|
|Birth date||any vehicle or license number|
|Telephone numbers||Web Universal Resource Locator|
|Fax numbers||Internet Protocol Address number|
|e-mail address||Finger of voice prints|
|social security number||photographic images|
|medical record number||any other unique number, characteristic, code|
And the provider must have no reason to believe that any anticipated recipient of the information could use the information alone, or in combination with other information, to identify the individual!!!!
- BASIC RULE: PHI must not be USED or DISCLOSED except as authorized by the patient or as permitted by this regulation or federal or state law. Any use of disclosure pursuant to the regulation must be consistent with the regulation’s “minimum necessary standard.”
- How sweeping is the “minimum necessary” standard?
- Assuming compliance with the “minimum necessary standard,” what disclosures can be made without an individual authorization?
If the provider tells the patient what use or disclosure will occur and the patient has an opportunity to object to individual uses.
- Must the provider honor the request for restriction of use of PHI for treatment, payment or health care operations?
- Are there other allowable disclosures without individual authorization?
|Public||health oversight of health care system|
|Research||to state health data systems|
|Court proceedings||law enforcement|
|Financial institutions||as other law requires|
Specific conditions must be met under each of the proceeding categories.
- If the provider is not disclosing to another provider for a referral, what rules apply?
- If individual authorization is sought by the provider, what are the requirements?
- What other individual rights are created?
- What other administrative procedures will providers have to put in place?
- Does HIPAA privacy preempt state law?
This publication is provided by Epstein Becker & Green, P.C. for general information purposes; it is not and should not be used as a substitute for legal advice.