HIPAA's Privacy Regulation Readying for Compliance Providers Digging Down to Another Level
Publications
7 minute read
Coverage of Providers
What of your information is covered?
What does the rule mean by "health information?"
When is such information "individually identifiable?"
Can it be "de-identified?"
Name
health plan beneficiary number
Address
account number
Names of relatives
certificate/license number
Birth date
any vehicle or license number
Telephone numbers
Web Universal Resource Locator
Fax numbers
Internet Protocol Address number
e-mail address
Finger of voice prints
social security number
photographic images
medical record number
any other unique number, characteristic, code
And the provider must have no reason to believe that any anticipated recipient of the information could use the information alone, or in combination with other information, to identify the individual!!!!
BASIC RULE: PHI must not be USED or DISCLOSED except as authorized by the patient or as permitted by this regulation or federal or state law. Any use of disclosure pursuant to the regulation must be consistent with the regulation's "minimum necessary standard."
How sweeping is the "minimum necessary" standard?
Assuming compliance with the "minimum necessary standard," what disclosures can be made without an individual authorization?
If the provider tells the patient what use or disclosure will occur and the patient has an opportunity to object to individual uses.
Must the provider honor the request for restriction of use of PHI for treatment, payment or health care operations?
Are there other allowable disclosures without individual authorization?
Public
health oversight of health care system
Research
to state health data systems
Court proceedings
law enforcement
Emergencies
directory information
Financial institutions
as other law requires
Specific conditions must be met under each of the proceeding categories.
If the provider is not disclosing to another provider for a referral, what rules apply?
If individual authorization is sought by the provider, what are the requirements?
What other individual rights are created?
What other administrative procedures will providers have to put in place?
Does HIPAA privacy preempt state law?
Please feel free to contact Mark Lutes at 202/861-1824 in the firm's Washington, D.C. office if you have any questions or comments. Mr. Lutes e-mail address is mlutes@ebglaw.com.
This publication is provided by Epstein Becker & Green, P.C. for general information purposes; it is not and should not be used as a substitute for legal advice.
By clicking “Accept All Cookies,” you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.
Privacy Preference Center
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.