Chapter 9: The HIPAA Privacy Rule

Background

This chapter introduces the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. It presents the history, purpose and goals of the rule, along with a detailed discussion of the numerous components of the rule. Key aspects of the rule such as covered entities, business associates, protected health information, designated record set, and personal representatives are presented. The chapter also discusses key documents essential to the rule and issues related to the disclosure of health information for marketing, research, fundraising and other purposes, along with the patient's right to access his or her health information and preemption issues. The chapter closes with a focus on the administrative requirements of the rule and noncompliance penalties. An important part of this chapter is a discussion of the changes to HIPAA that are present in the Health Information Technology for Economic and Clinical Health (HITECH) Act of the 2009 American Recovery and Reinvestment Act.

Chapter Outline

Learning Objectives
Key Terms

I. Introduction
II. Section 1: Overview of HIPAA and Other Patient Privacy Laws; HIPAA Terminology
    A. Purpose and Goals of HIPAA Privacy Rule
    B. Source of Law
    C. Scope and Anatomy of the Law
    D. American Recovery and Reinvestment Act of 2009
    E. History and Comparison with Existing Laws
        1. Freedom of Information Act of 1967
        2. Privacy Act of 1974
        3. Federal Drug and Alcohol Laws
        4. Medicare Conditions of Participation
        5. State Laws
        6. Professional Ethical Standards and Codes of Conduct
    F. Applicability
        1. Covered Entities and Workforce
        2. Business Associates
        3. Protected Health Information (PHI)
            a. Deidentified Information
    G. Additional Privacy Rule Elements
        1. Individuals
        2. Personal Representatives
        3. Designated Record Set
        4. Disclosure, Use, and Request
        5. Treatment, Payment, and Operations
        6. Health Information in Personnel and Educational Records
        7. Organization Types
III. Section 2: Core Privacy Rule Documents and the Minimum Necessary Requirement
    A. Key Privacy Rule Documents
        1. Notice of Privacy Practices
        2. Consent to Use or Disclose PHI
        3. Authorization
            a. Required Elements
            b. When Authorization Is Required
            c. When Authorization Is Not Required
                i. Uses and Disclosures That Require an Opportunity for the Individual to Agree or Object
                ii. Uses and Disclosures for Which Authorization or Opportunity to Agree or Object Is Not Required
            d. Authorization and the Sale of PHI
            e. Revocation
    B. Redisclosure
    C. Minimum Necessary Requirement
IV. Section 3: Individual Rights; Other Key Requirements; Penalties for Noncompliance
    A. Individual Rights
        1. Access
            a. Grounds for Denial of Access
            b. Requesting Access to One's Own PHI
        2. Request Amendment
        3. Accounting of Disclosures
        4. Confidential Communications
        5. Request Restrictions
        6. Submit Complaints
    B. Breach Notification
    C. Marketing
    D. Fundraising
    E. Research
    F. Preemption
    G. Administrative Requirements
        1. Policies and Procedures
        2. Privacy Officer and Contact Person
        3. Workforce Training and Management
        4. Mitigation
- Fall '13
- Health Insurance Portability and Accountability Act, HIPAA Privacy Rule, HIPAA Privacy