The trusted source for
healthcare information and
The Bush administration announced on April 12 that it will not make major changes to the delayed Health Insurance Portability and Accountability Act final privacy rule. Here are the basics:
• Who’s affected: The regulation covers health plans, health care clearinghouses, and health care providers who conduct financial and administrative transactions like electronic billing and funds transfers.
• What’s protected: All medical records and other individually identifiable health information held or disclosed by a covered entity in any form.
• Disclosure: Providers must give patients a clear written explanation of how they can use, keep, and disclose their health information. Patients must be able to see and get copies of their records and request amendments. You must also give patients a history of disclosures.
• Consent: Providers must obtain patient consent before sharing their information for treatment, payment, or health care operations purposes. Patient consent also must be given for non-health care purposes such as releasing information to financial institutions or their employer or for selling names to mailing lists. Providers cannot condition treatment on a patient’s agreeing to disclose health information for non-routine uses. However, this does not apply to the transfer of medical records for treatment purposes because primary care physicians, specialists, and other providers need access to the full record to provide the best quality care.
• Security. Providers must adopt written privacy procedures that include who has access to protected information, how it will be used within the entity, and when the information would or would not be disclosed to others. They must also take steps to ensure that their business associates protect the privacy of health information.