This chapter introduces the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. It presents the history, purpose, and goals of the rule along with a detailed discussion of how it compares to other laws and standards that protect patient information. Central to this chapter are the who and what that the Privacy Rule addresses, with discussion about covered entities, business associates, and the elements that comprise protected health information. It also introduces the reader to basic HIPAA terminology such as designated record set; use and disclosure; and treatment, payment and operations. The key documents (Notice of Privacy Practices, consent, and authorization) are detailed, as are commercial uses and disclosures of protected health information and the requirements surrounding the activities of marketing, fundraising and sale of information. The chapter closes with a focus on the minimum necessary requirements. Throughout the chapter, the Health Information Technology for Economic and Clinical Health (HITECH) Act of the 2009 American Recovery and Reinvestment Act is discussed as it applies to changes in the Privacy Rule.
You are creating a steering committee that is responsible for ongoing HIPAA privacy compliance. Who will lead this committee and who will be the members of the committee? Why did you select these individuals?
What type of ongoing educational activities would you provide for the workforce of your organization to facilitate compliance with the HIPAA Privacy Rule? Who would be included in these educational activities?
How would you ensure that you have identified all of your organization’s current business associates and developed business associate agreements with them? Create a mechanism to identify and track all of your business associate agreements.
Do you believe that the twelve public interest and benefit exceptions to the authorization requirement are warranted? Do you believe that any of these exceptions should require the patient’s authorization