HIPAA Regulation With Nursing Homes
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, provides nursing home residents with important safeguards as to how their electronic protected health care information is used and disclosed. Nursing home and other long-term care facilities that meet the definition of a covered entity under HIPAA are required to comply with the applicable privacy and security rules of the Act.
Privacy Rules
HIPAA privacy rules define the circumstances under which a resident's electronic health care information can be disclosed to third parties. With few exceptions, a facility must have the resident's written authorization to disclose specific medical information. Residents must be provided with a written notice as to how health information is used and shared.
Security Rules
Facilities must implement administrative, technical, and physical safeguards to ensure that electronic protected health care information is not disclosed to unauthorized persons. Specific electronic security systems and requirements are not defined in the HIPAA security rules, allowing nursing homes to select and tailor the security systems and equipment that are appropriate to their organization and facilities.
Enforcement
The U.S. Department of Health & Human Services Office for Civil Rights, or OCR, investigates complaints of possible violations of HIPAA security and privacy rules. The OCR also conducts compliance reviews and provides outreach and educational programs.