HIPAA

Contents

1. Protecting the Privacy of Patient’s Health Information
  - Overview
  - Patient Protections
  - Health Plans and Providers
  - Outreach and Enforcement

2. Summary of the HIPAA Privacy Rule
  - Introduction
  - Statutory & Regulatory Background
  - Who Is Covered by The Privacy Rule
  - Definitions
  - Business Associates
  - What Information Is Protected
  - General Principle for Uses and Disclosures
  - Permitted Uses and Disclosures
  - Authorized Uses and Disclosures
  - Limiting Uses and Disclosures to the Minimum Necessary
  - Notice and Other Individual Rights
  - Administrative Requirements
  - Organizational Options
  - Other Provisions: Personal Representatives and Minors’ Personal Representatives
  - State Law
  - Enforcement and Penalties for Noncompliance
  - Compliance Dates
  - Copies of the Rule & Related Materials
  - Incidental Uses and Disclosures
  - Minimum Necessary
  - Personal Representatives
  - Business Associates
  - Uses and Disclosures for Treatment, Payment, and Health Care Operations
  - Marketing
  - Disclosures For Public Health Activities
  - Research
  - Disclosures For Workers’ Compensation Purposes
  - Notice of Privacy Practice For Protected Health Information
  - Restrictions on Government Access to Health Information

3. Implementation of Administrative Simplification Requirements by HHS
  - Overview
  - Implementation Plan
  - Standards Adoption Process
  - Public and Private Sector Input into the Standards Development Process
  - Implementation Schedule
  - Understanding CMS’s Compliance Policy
  - What Is a Contingency Plan?
  - Steps For Contingency Planning
  - Health Plan Responsibilities
  - Review Your Good Faith Efforts to Comply

4. Security Standard
  - General Approach
  - Specific Requirements
  - Guidance on Compliance with HIPAA Transactions and Code Sets After the October 16, 2003 Implementation Deadline
    - Enforcement Approach
    - Working Toward Compliance
  - HIPAA Administrative Simplification Compliance Act (ASCA)
  - Electronic Transaction Standards
  - Code Set Standards
    - What Is a Code Set
    - What Code Sets Have Been Adopted as HIPAA Standards?

5. FAQ About HIPAA
  - HIPAA: In General
  - Privacy Rule: General Topics
  - Protected Health Information
  - Preemption of State Law
  - Covered Entities
  - Compliance Dates
  - Minimum Necessary
  - Business Associates
  - Treatment/Payment/Health Care Operations
  - Right to Access Medical Records
  - Complaints
  - Right to an Accounting of Disclosures
  - Incidental Uses and Disclosures
  - Public Health Uses and Disclosures
  - Facility Directories
  - Disclosure to Family and Friends
  - Disclosures Required by Law
  - Disclosures for Rule Enforcement
  - Disclosures for Law Enforcement Purposes
  - Authorizations
  - Marketing Uses and Disclosures
  - Workers’ Compensation Disclosures
  - Notice of Privacy Practices
  - Personal Reps/Parents and Minors
  - Limited Data Set
  - Research Uses and Disclosures
  - Transition Provision

Appendix A: Notice of Privacy Practices  

Appendix B: Sample Business Associate Contract 

Appendix C: How to File a Health Information Privacy Complaint With the Office For Civil Rights