Federal Protections for Health Information.
On Dec. 28, 2000, the Department of Health and Human Services Noun 1. Department of Health and Human Services - the United States federal department that administers all federal programs dealing with health and welfare; created in 1979
Health and Human Services, HHS , unveiled sweeping new protections for individually identifiable patient information. The new federal privacy rules, which implement portions of the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.
According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ), will have a dramatic impact on the way healthcare entities do business. The regulations apply to health clearinghouses and all but the smallest health plans. Healthcare providers will have to comply with the rules if they transmit any health information in electronic form in connection with certain "standard transactions," including healthcare payment and remittance advice, health claims status, and referral certification and authorization.
The new provisions are designed to create a minimum level of privacy for all protected health information protected health information Health informatics Any individually identifiable health informatlon that is used or circulated by an entity that falls under the governance of HIPAA; the privacy regulations mandate safeguards for protected health information, and the . State laws that are more stringent than the federal HIPAA rules will remain in effect, but the new rules will preempt other state laws relating to health information privacy. Entities covered under the rules will be required to implement a number of policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental designed to ensure that health information will be used or disclosed only as permitted by the rules. For example, most healthcare providers will have to obtain a written "consent" from an individual in order to use or disclose the individual's health information for treatment, payment or healthcare operations. Covered entities must obtain a separate written "authorization" to use or disclose health information for any other purpose. They also will have to designate a privacy officer who will help ensure that the entity meets the privacy requirements.
Most covered entities will have to comply with the rules by 2003. Although it may sound like a lot of time, the complexity of the regulations and the fundamental procedural and cultural changes many covered entities will be forced to undergo could take several months to implement. Because severe civil and criminal penalties may apply for failing to adhere to the rules, healthcare companies and providers should begin working now to come into compliance by the deadline.
Contributed by Shannon Hartsfield, Esq., chair of the Healthcare Law Committee for the Young Lawyers Division of the American Bar Association American Bar Association (ABA), voluntary organization of lawyers admitted to the bar of any state. Founded (1878) largely through the efforts of the Connecticut Bar Association, it is devoted to improving the administration of justice, seeking uniformity of law . She is an associate with Holland & Knight LLP LLP - Lower Layer Protocol , Tallahassee, FL, and can be reached at email@example.com