Act. When I hear people talking about HIPAA, they are usually not talking about the original Act. They are talking about the Privacy Rule that was issued as a result of the HIPAA in the form of a Notice of Health Information Practices.
The United States Department of Health & Human Services official Summary of the HIPAA Privacy Rule is 25 pages long, and that is just a summary of the key elements. So as you can imagine, it covers a lot of ground. What I would like to offer you here is a summary of the basics of the Privacy Rule.
When it was enacted in 1996, the Privacy Rule established guidelines for the protection of individuals’s health information. The guidelines are written such that they make sure that an individual’s health records are protected while at the same time allowing needed information to be released in the course of providing health care and protecting the public’s health and well being. In other words, not just anyone can see a person’s health records. But, if you want someone such as a health provider to see your records, you can sign a release giving them access to your records.
So just what is your health information and where does it come from? Your health information is held or transmitted by health plans, health care clearinghouses, and health care providers. These are called covered entities in the wording of the rule.
These guidelines also apply to what are called business associates of any health plans, health care clearinghouses, and health care providers. Business associates are those entities that offer legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services.
So, what does a typical Privacy Notice include?