August 12, 2014 Laura D. Anderson, Esq. Rahul S. Maitra, Esq.
Primar ary pur urpos ose was s to to ma make e it t easi asier er fo for in individu dividuals ls to to take h healt lth in insurance wit with th them wh when changin ing j jobs bs Addition dditionally lly, set t natio tional l standards for or th the prot protection tion of of an in individu dividual’ l’s pro prote tected healt lth in informa ormation ion (P (PHI) thro rough it its Priv rivacy R y Rule le and d ele lectr tronic ic pro prote tected health lth in informa rmation ion (EP (EPHI) th thro rough it its Security ity Rule le
Ex Expa panded com omplia pliance re requir irements Interpreted and d imple implemented provis d provision ions o of the e HIT HITECH H Act
Generally lly re requ quire complia mpliance by by cert rtain in “c “cove vered entitie ities” and d “bu busin iness associa iates” Gro roup healt lth pla plans are “c “cove overed entit titie ies” ” unde der HIPAA and d mu must t comply mply with with cove vered entiti tities’ oblig obligation tions re regardin ing PHI
Health lth pla plans, in inclu ludin ding grou roup p health lth pla plans Heal ealth th ca care cl e clearinghou ouses Health lth care re pro provide viders wh who o tra ransmit mit healt lth in informa ormation ion in in ele lectr tronic ic form orm
Indiv dividu iduals ls or or entitie tities th that t pe perf rform m functio tions or or pro provide vide s serv rvic ices for or cove overed e d entitie tities, oth ther th than in in the capa pacity ity of a me membe ber of the work workforce, and d that t use or or dis disclo lose PHI in in the cou ours rse of pro providin viding those servic vices
Curr rrently, ly, bu busin iness assoc ocia iates are held ld to to mo most st of of the he sa same e sta stand ndards as s cov covered ed entiti tities and d are dire directly ly lia liable ble for r vio viola latio tions and impe impermis rmissibl ible dis disclos losures
Cove overed e d entitie tities a and d bu busin iness a associa iates mu must tra train in all ll me membe bers of of th their ir work workforce on th the re requir irements ts of of HIPAA complia ompliance Must be be as necessary and d appr pprop opriate f for r the members of me of th the work workforc rce to to carry o y out t th their ir function ions
A cove vered entity ity must im imple pleme ment polic policie ies and d proc procedures with with re respect t to to PH PHI de desig igned to to com omply wit ply with HIPAA Must be be changed as necessary and d app pprop opriate to o comply with mply with changes in in th the la law
Sets n nation ional s l sta tandards f for or th the prot protection ion o of PHI Fo Follo llowin wing the Omn mnibu ibus Fin Final l Rule le, bo both th cove overed entit titie ies and d bu busin iness assoc ocia iates mu must comply mply wit with th the Priv Privacy Rule le, and d are bot both subj bject to o pe penalti lties for r failu ilure to o comply mply
PHI is is in individu dividually lly ide identif tifia iabl ble health lth in informa ormation ion EP EPHI is is PHI th that is is tra transmitt itted or or ma main intain ined d in in ele lectron onic ic form rm
Cre reated or or re receiv ived by by a cove vered entit ity Rela lates t to o pa past, t, pre present or or future re ph phys ysic ical l or or me mental l health lth or or con ondition dition of an in individu dividual; l; provis provision ion of of care re to o an in individu dividual; or or pa past, pre present o or r future re pa payme yment f for r the pro provis visio ion of of healt lth c care re
Nam Names es Telep elephone nu e number ers Geograp aphi hic Fax n num umbers subdivi visions s smalle aller Email ail ad addres resses th than a an a state, tate, i. i.e. e. Social s ial sec ecuri urity ty street treet ad addres ress, c city, ity, numbers ers county, ty, prec recin inct, zip zip Med edic ical al rec record rds code cod numbers ers Dates Dates, suc uch as as birth irth Health Health p plan lan I ID D date ate an and date ate of hire, ire, numbers ers and all and all ages ages over ver 89
Acco Accoun unt num numbers rs Int ntern rnet Pro Protoco col l (IP) P) Ad Addres resses Certif ifica cate/ e/li license cense numb mbers rs Bio iomet etric ic id ident entifiers rs Vehicle ehicle id ident entifie iers Full ull fa face p ce pho hotos and nd seria serial numb number and nd co comp mpara rable e ima images Devic evice id e ident entifier ers and nd seria serial numb numbers Any Any o other uniq her unique e ident ntif ifying ying n numb mber r Web U Universa versal l cha chara racter eristic ic, o or r Reso Resourc rce Lo e Loca cators rs code co e (URLs) Ls)
Medic ical l re recor ords ds De Dental l re recor ords ds Billin illing in inform ormation ion or or in invoic voices Telep ephon one no note tes s X-Rays, la lab b re repo ports ts Oral l dis discussion ions (wh (whether in in pe pers rson on or or ove over r th the ph phone) Patient a t appoin ppointment in inform ormatio tion
Cove overed e d entitie tities ma may y not ot use or r dis disclos lose PH PHI except pt as th the Priv Privacy y Rule le pe perm rmits its or or re requ quires, or or as authoriz ized by by th the in individu dividual Busi usiness asso ssoci ciat ate e ma may onl only use use or or discl sclose ose PHI I per te terms of f its s busi usiness ness a associ ssociat ate e agreement or r as re required by d by la law
Treatme atment nt Paym yment Heal ealth th ca care op e operat ation ons
The P Priv rivacy R y Rule le re requ quires that t cove vered d entiti tities and d bu busin iness assoc ocia iates use and d dis disclo lose th the min inim imum amo mount o of PHI necessary to o accomplis mplish a pa partic rticula lar pu purpo rpose
Cove overed e d entitie tities a are re re requ quir ired to o ente ter in into o a BAA with with th their ir bu busin iness assoc ocia iates to to ensure th that bu t busin iness a assoc ocia iates appr pprop opria iately ly sa safeg feguard P PHI BAA re requ quirements ts have changed unde der th the Omn mnibu ibus Fin Final l Rule le, bu busin iness assoc ocia iates and d cove overed entit titie ies must upda pdate BAA to o be be in in com omplia pliance wit with HIPAA
Agreement c t cla larif rifie ies a and d limit limits th the pe permis rmissibl ible uses and d dis disclos losures of of PHI by by the bu busin iness ass ssoci ciat ate Based d on on re rela lation ionship ip be betwe ween the pa part rtie ies and th the activitie tivities or or serv rvic ices be bein ing pe perf rformed by th by the bu busin iness assoc ocia iate
General l rig right to to obta btain in and d re review w a copy py of PHI Rig ight to to have PHI amended d wh when in inform ormation ion is is in inaccurate or in or incomple mplete te Right ht to to an n acco ccount unting ng of of discl sclosur sures es of of PHI by by a cove overed entity tity or r bu busin iness assoc ocia iate
Rig ight to to re requ quest t th that a a c cove overed d entit tity y re restric ict use use or discl sclosur osure e of f PHI Rig ight to to re requ quest t alt lternativ tive me means or r lo locatio tion for r re receivin iving c comm mmunic icatio ions of of PHI Right ht to to recei ceive Not Notice ce of of Privacy cy Pract actices es
A A co covered ed enti ntity or or busi usines ness a s asso ssoci ciat ate must e must de desig ignate a priva privacy y of offic icer r wh who is is re respon onsib ible le for r de develo lopin ping a and d im imple pleme mentin ing po polic licie ies and d proc procedures of the entity ity Ove versees HIPAA complia ompliance for or th the entit tity
Es Establis lishes nation ional l securit ity sta tandards ds for r prot protectin ting PHI held ld or or tra transferred in in electr ectronic c fo form m (EPHI) I) Goa oal l is is to to prot protect t priva privacy o y of EPH EPHI wh while ile allo llowin wing adopt doption ion of new w te technolog logies to o improv improve the qu quality lity and d effic icie iency y of pa patie tient care re
Recommend
More recommend