Texas Medical Systems
Company Solutions Support Training Spacer
 

>
Clearinghouse
>
Medical Records
>
HIPAA
 
>
Code Sets
 
>
Unique Identifiers
 
>
Privacy Rule
 
>
Security Rule
 
>
Administrative
 
>
Links
>
Hardware
>
Leasing
>
Home


HIPAA

 

HIPAA REGULATIONS: PRIVACY RULE

For most covered entities, the Privacy Rule compliance date is April 14, 2003; however, certain small health plans have until April 14, 2004. The approved HIPAA privacy rule provides minimum applicable standards in the area of protecting a patient's right to privacy. More stringent state laws supercede this rule to ensure the highest level of patient privacy possible in every instance. This rule creates national standards to protect individual medical records and other personal health information regardless of the format (electronic, paper or verbal). Privacy rules impact how and to whom data is disclosed, while the security rule impacts the physical safety of that data. These rules work together and should be treated as a unit during the implementation of any HIPAA compliance strategy.

This rule provides individuals with significant control over their health information. As a result, patients can request restrictions on the use and disclosure of their health information, have the right to review and copy their medical records, and can request that appropriate amendments or corrections be made to their medical records.

Additionally, the rule balances public responsibility with privacy protections by setting boundaries on medical record use and release. Specifically, covered entities are allowed to transmit PHI for the purposes of Treatment, Payment and Healthcare Operations (TPO) without obtaining an individual's written consent; however, the covered entity must obtain an authorization where indicated as well as inform patients of their business practices (disclosures and legal obligations in handling PHI), known as Notice of Privacy Practices, concerning the use and/or disclosure of health information. The rule further protects PHI by requiring covered entities to adopt written privacy procedures, train their employees in these practices and designate a privacy official.

 
Copyright 2006 — Texas Medical Systems Inc.