HIPAA Privacy Standards: An Overview Show In enacting the 1996 Health Insurance Portability and Accountability Act (HIPAA), Congress recognized that advances in electronic technology in the health care industry could lead to an erosion of the privacy and confidentiality of patient health information. While many States have already taken steps to safeguard patient information, health plans and health care providers must currently rely on a patchwork of State laws and regulations that often are incomplete and, at times, inconsistent. In 1999, Congress directed the federal Department of Health and Human Services (HHS) to establish comprehensive national standards for the privacy and protection of 'individually identifiable health information'. These standards are referred to as the 'HIPAA Privacy Rule'. What health information is covered by this rule? The privacy rule protects electronically transmitted health information that identifies an individual - medical records, patient charts, plan enrollment and disenrollment information, admission and discharge records, health care claims and payments, claims attachments, and so forth. If the health information contains any data that could be used to identify a patient, it is protected under this rule. The protection stays with the information as long as it is in the hands of a health plan or health care provider. Preemption of State Laws The HIPAA privacy rule preempts (supersedes) all but the 'more stringent' provisions of State law. 'More stringent' means that the State law is more restrictive when it comes to disclosing patient health information to another party, and more permissive when it comes to patient access to his/her own health information. In New York State, HIPAA privacy standards are thought by the Office of Mental Health to preempt some State Mental Hygiene provisions, although the New York standards will continue to prevail in many instances. It may, therefore, be necessary for some mental health providers and county mental health departments to modify the way in which they treat patient information. (For more information on NYS provisions thought by OMH to be preempted by HIPAA, please refer to the OMH HIPAA Privacy Rule Preemption Analysis.) Key privacy provisions in a nutshell A. Patient Rights
B. Disclosing Protected Health Information (PHI)
C. Safeguarding Protected Health Information (PHI)
To learn more about HIPAA privacy standards, click on the 'What Do You Need To Know' link. This material has been designed as an educative tool for mental health consumers and it offers practical HIPAA tips. Another good source of information is the 'Additional Resources/Related HIPAA Sites' link. This link features sites that were selected because they offer valuable information on consumer privacy rights and provide many practical tips and guidelines. For more information on privacy-related questions please check the Privacy FAQ page or submit your own questions on-line at 'Ask CMS'. Which of the following is not a requirement of the Hipaa privacy standards?Question 2 - The requirements of HIPAA Privacy include all of the following EXCEPT: Answer: Putting firewalls on all internet connections.
Which of the following is not protected health information PHI subject to the Hipaa Privacy Rule?PHI only relates to health information about patients or health plan members. It does not include information contained in educational and employment records.
Which option below is not a covered entity under Hipaa?Which option below is not a covered entity under HIPAA? Rationale The definition of "health plan" in the HIPAA regulations exclude any policy, plan, or program that provides or pays for the cost of excepted benefits.
What does the privacy rule do quizlet?The fundamental purpose of the Privacy Rule is to define and limit the circumstances in which an individual's personal health information (PHI) may be used or disclosed by a covered entity or its business associates.
|