HIPAA Privacy Rules Mean Major Changes For Providers

The Bush Administration recently allowed new patient privacy regulations set out in the Health Insurance Portability and Accountability Act to take effect. Essentially, the new privacy standards limit who can see a patient's medical records without prior written consent, and they provide strict guidelines about how such information can be handled. The rules include new requirements regarding how providers maintain and exchange information electronically. The standards will require major changes in how health care providers and organizations handle all facets of information management, including reimbursement, coding, security and patient records. Virtually all health care providers and health plans must comply with the new rules by April 14, 2003.

HIPAA's privacy rules are expansive. They are designed to protect any health information that relates to the past, present or future physical or mental health of a patient as well as the payment for health care services. If this health information is maintained or transmitted in electronic, written or verbal forms, it is within the scope of HIPAA's rules. This means that even oral communications may need to be protected from unlawful use and disclosure. For example, information that health care providers convey to patients when other family members are nearby may even be considered an unauthorized disclosure.

HIPAA not only restricts a health care provider's use of protected health information but also grants patients the right to access and track their own health information. This information may not be used without the patient's written consent. Any use or disclosure of a patient's protected health information must be strictly limited to the "minimum necessary" to accomplish the legitimate purpose for such use. There is confusion at this point as to what constitutes "minimum necessary."

HIPAA's privacy rules also apply to health plans and companies that process health insurance claims. However, HIPAA excludes certain types of health insurers, such as workers' compensation and liability and disability plans, from its scope. Business associates (any person or entity that provides services on behalf of a covered entity that receives protected health information from that covered entity) also must comply. Examples include businesses or...
