|  | Healthcare Industry | General Healthcare Industry

HIPAA Privacy Notice Requirements

HIPAA stands for the Health Insurance Portability and Accountability Act, which was enacted in 1996 and is overseen by the U.S. Department of Health and Human Services. HIPAA regulations are enforced by the Office of Civil Rights, and prevent the release, disclosure or use of an individual's health information without written permission. However, there are instances when certain health information can be disclosed to what is referred to as "covered entities" without permission.

  1. Covered Entities

    • A covered entity is described as any organization or third party that deals with the public interest. The Center for Disease Control is one such entity. The CDC is required to collect and disburse information that may have an effect on the health of the general public to minimize or prevent the spread of communicable diseases. Also included in the category of covered entities are law enforcement agencies. Whenever a person is treated in a hospital or by a private physician for injuries resulting from domestic violence, abuse or neglect, the law requires that the local police department be notified. Medical examiners and funeral directors are also required to obtain medical histories for organ donors who have passed away, and may obtain such information without written consent. Covered entities may exchange necessary medical information with one another without consent.

    Disclosure Under HIPAA

    • As of April 14, 2003, health care providers are required to supply patients with privacy notices at first contact. They are also required to post the notice in a prominent place where it may be read by patients who are seeking care. In an emergency situation, the hospital or medical services provider is required to provide a privacy statement to the patient as soon as the patient's condition has been stabilized.

      Each entity providing care, whether directly or indirectly, is required to provide privacy notices to patients or enrollees. Customarily a health care provider will use a specific laboratory and will have reached an agreement to use a single form notice covering both the provider and the laboratory. These notices must be provided to the patient upon request. A covered entity must also make the privacy notice form available on any website it maintains for benefits information or customer service. Health care organizations are required to provide privacy policies and notify plan participants every three years of the availability of their privacy policies.

    Your Rights Under HIPAA

    • You have the right to know the name of any covered entity to which your protected health information has been disclosed. Disclosure of this type of information is limited to six years prior to the date of your request. What is not included in this disclosure is treatment or payment information or information obtained for law enforcement, intelligence gathering or national security purposes.

      You have the right to restrict access to your personal health information, even though the covered entity is not required to accept your request for restrictions. If accepted, they must comply with the request except in an emergency situation.

General Healthcare Industry - Related Articles