Institutional Privacy Committee
What is HIPAA?
The Health Insurance Portability and Accountability Act
of 1996 (HIPAA) is intended to improve the efficiency and
effectiveness of the health care system.
HIPAA directly regulates three types of "covered entities":
- Health Care Providers
- Health Plans
- Health Care Clearinghouses
What is the Privacy Rule?
The current version of the HIPAA Privacy Rule became effective
on August 14, 2002.
The Privacy Rule includes standards that:
- Limit the use and disclosure of health information
- Restrict most uses and disclosures of health information
to the minimum necessary to carry out the intended purpose
- Give patients the right to:
  - Receive a Notice of Privacy Practices describing
  how USM Covered Entities use and disclose their health
  information; each patient must receive this document
  at least one time
  - Receive a listing of certain releases by USM of their
  health information
  - Inspect, copy, and request amendments to their medical
  records
  - Request restrictions on the uses and disclosures of
  their health information
  - Request alternate forms of communication (e.g., use
  work address instead of home address, no post card,
  etc.)
  - File a formal complaint about violations of privacy
  protection with USM or the Department of Health and
  Human Services
  - Revoke an authorization for use/disclosure of identifiable
  health information to the extent researchers have not
  already "relied on it"
The Privacy Rule also:
- Establishes criminal and civil penalties for improper
use or disclosure ($100 to $25,000) for multiple violations
in the same year; $250,000 and/or up to 10 years' imprisonment
for knowingly misusing a person's protected health information
- Establishes new requirements for access, use, and future
disclosure of health-related records by researchers
What does the Privacy Rule Protect?
The Privacy Rule protects certain types of health information
acquired by Covered Entities, including demographic information,
that could be used directly or indirectly to reasonably identify
an individual and that:
- Relates to the past, present, or future physical or mental
health condition or treatment of an individual; or
- Describes the past, present, or future payment for the
provision of health care to an individual (e.g., names and
addresses of patients for whom payment has been or will
be provided)
What is Protected Health Information?
Protected Health Information is identifiable information
that USM has acquired in the course of health care treatment,
payment or health care operations (such as quality assessment).
Data elements that make health information identifiable include:
name, address, employer, relatives' names, dates (of birth,
services, payment, and death), telephone numbers, e-mail addresses,
social security numbers (whole or part), member or account
numbers, certificate or license numbers, voice recordings,
fingerprints, photographs, or any other linked number, code, or
characteristic (see USM Policy and Procedure).
When do I need to be in compliance?
The compliance date for the Privacy Rule is April 14, 2003.
However, USM Policies and Procedures have been formed to comply
with numerous existing privacy regulations including, but not
limited to, FERPA and the Common Rule for Human Subject Research
(45 CFR 46).
The Director of Research Compliance, William Harrison, may be contacted for
comprehensive information on USM Policies and Procedures for Research.