What are the basic HIPAA requirements concerning privacy of protected healthcare information?
The basic HIPAA requirements concerning privacy of protected healthcare information apply to “covered entities,” which generally include health plans and health care providers who transmit health information in electronic form. Covered entities include almost all health and mental health care providers, whether they are outpatient, residential or inpatient providers, as well as other persons or organizations that bill or are paid for health care.
1. The Privacy Rule protects all “protected health information” (PHI), including individually identifiable health or mental health information held or transmitted by a covered entity in any format, including electronic, paper, or oral statements.
2. A major purpose of the Privacy Rule is to define and limit the circumstances under which an individual's PHI may be used or disclosed by covered entities. Generally, a covered entity may not use or disclose PHI to others, except:
a. as the Privacy Rule permits or requires; or
b. as authorized by the person (or personal representative) who is the subject of the health information. A HIPAA-compliant Authorization must contain specific information required by the Privacy Rules.
3. A covered entity must provide individuals (or their personal representatives) with access to their own PHI (unless there are permitted grounds for denial), and must provide an accounting of the disclosures of their PHI to others, upon their request.
4. The Privacy Rule supersedes State law, but State laws which provide greater privacy protections or which give individuals greater access to their own PHI remain in effect.