Summary of HIPAA Privacy Rule
HIPAA Summary

Federal HIPAA Privacy (HHS.gov) and the Calif. Civil Code
provide, in a one-sentence summation, that:

Any [medical] records which contain individually identifiable Protected Health Information (PHI) must be secured, so that they are not readily available to those who do not need them. (HHS Q & A) Thus, the people who can see your medical records are very limited.

HHS Summary of HIPAA Privacy Rule (25 Pages)

Each covered entity, with certain exceptions, must provide a notice of its privacy practices.

Safeguarding Taxpayer Data – A guide for your business

CMS Webinar, 56 pages on Privacy, 2017

Private Entity Chart

Flow Chart – Private Entity

Privacy Practices Notice

The Privacy Rule requires that the notice contain certain elements.

  • The notice must describe the ways in which the covered entity may use and disclose protected health information.
  • The notice must state the covered entity’s duties to protect privacy, provide a notice of privacy practices, and abide by the terms of the current notice.
  • The notice must describe individuals’ rights, including the right to complain to HHS and to the covered entity if they believe their privacy rights have been violated.
  • The notice must include a point of contact for further information and for making complaints to the covered entity.
  • Covered entities must act in accordance with their notices. (hhs.gov)

   

Hints on writing the notice in Plain English

Plain Language.Gov

Our Quote Engines –  Privacy Policy


Steve’s personal thoughts

I think if people just followed the 10 Commandments, the 7 Noahide Laws, and the Golden Rule, and were careful about gossip, we wouldn’t have to have ALL these pages and tons of paperwork.

1st HIPAA Privacy Conviction

Defendant Richard Gibson obtained the demographic information of a cancer patient from his employer, Seattle Cancer Care Alliance. Gibson then used this data to obtain credit cards in the patient’s name, eventually incurring over $9,000 in debt for items such as video games, apparel, and jewelry. (Attorneys Crowell & Moring)

Consumer Links
Summaries and Links

Office for Civil Rights – HIPAA HHS Website – has a ton of information and links

Blue Cross Data Breach, Identity Theft, etc.

California Privacy

Privacy – wikipedia.org

wikipedia.org – HIPAA

harvard.edu – Privacy Torts

Privacy Rights.org

ACLU

CA Patients Guide

How and why to get your medical records  – Center for Democracy & Technology Website

HealthPrivacy.org – HIPAA Myths and Facts – Lots of information in a simple-to-understand format

Anti-Phishing Act of 2005 – Phony websites and email used to gather identity theft information

Jewish Thought on Gossip, Tale Bearing JewFAQ.org

Online Education  Torah.org

CMS Webinar 56 pages on Privacy

How to comply – Solutions

Paubox.com

Sample Business Associates Agreement – from HHS/OCR Site

For members of NAHU (National Association of Health Underwriters) – Compliance Guide

Insurance Company Forms

Blue Cross’s Privacy Statement

Blue SHIELD Privacy Statement – Release Form

FAQs

CIGNA FAQs

hhs.gov faq

What does the HIPAA Privacy Rule do?

 

Most health plans and health care providers that are covered by the new Rule must comply with the new requirements by April 14, 2003.

The HIPAA Privacy Rule for the first time creates national standards to protect individuals’ medical records and other personal health information.

– It gives patients more control over their health information.

– It sets boundaries on the use and release of health records.

– It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.

– It holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients’ privacy rights.

– And it strikes a balance when public responsibility supports disclosure of some forms of data – for example, to protect public health.

For patients – it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.

– It enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.

– It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.

– It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.

– It empowers individuals to control certain uses and disclosures of their health information.

When is an authorization required from the patient before a provider or health plan engages in marketing to that individual?

The HIPAA Privacy Rule expressly requires an authorization for uses or disclosures of protected health information for ALL marketing communications, except in two circumstances: (1) when the communication occurs in a face-to-face encounter between the covered entity and the individual; or (2) the communication involves a promotional gift of nominal value.

If the marketing communication involves direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is involved.

Can contractors (business associates) use protected health information for their own marketing purposes?

No. While covered entities may share protected health information with their contractors who meet the definition of “business associates” under the HIPAA Privacy Rule, that definition is limited to contractors that obtain protected health information to perform or assist in the performance of certain health care operations on behalf of covered entities. Thus, business associates, with limited exceptions, cannot use protected health information for their own purposes. Although, under the HIPAA statute, the Privacy Rule cannot govern contractors directly, the Rule does set clear parameters for how covered entities may contract with business associates. See 45 CFR 164.502(e) and 164.504(e), and the definition of “business associate” at 45 CFR 160.103.

Further, the Privacy Rule expressly prohibits health plans and covered health care providers from selling protected health information to third parties for the third party’s own marketing activities, without authorization. So, for example, a pharmacist cannot, without patient authorization, sell a list of patients to a pharmaceutical company, for the pharmaceutical company to market its own products to the individuals on the list.

 

Sample business associate agreement

Blog Text of Law
