Federal Protections for Health Information.
The new provisions are designed to create a minimum level of privacy for all protected health information. State laws that are more stringent than the federal HIPAA rules will remain in effect, but the new rules will preempt other state laws relating to health information privacy. Entities covered under the rules will be required to implement a number of policies and procedures designed to ensure that health information will be used or disclosed only as permitted by the rules. For example, most healthcare providers will have to obtain a written "consent" from an individual in order to use or disclose the individual's health information for treatment, payment or healthcare operations. Covered entities must obtain a separate written "authorization" to use or disclose health information for any other purpose. They also will have to designate a privacy officer who will help ensure that the entity meets the privacy requirements.
Most covered entities will have to comply with the rules by 2003. Although it may sound like a lot of time, the complexity of the regulations and the fundamental procedural and cultural changes many covered entities will be forced to undergo could take several months to implement. Because severe civil and criminal penalties may apply for failing to adhere to the rules, healthcare companies and providers should begin working now to come into compliance by the deadline.
Contributed by Shannon Hartsfield, Esq., chair of the Healthcare Law Committee for the Young Lawyers Division of the American Bar Association. She is an associate with Holland & Knight LLP, Tallahassee, FL, and can be reached at firstname.lastname@example.org
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Government Activity|
|Publication:||Health Management Technology|
|Date:||Apr 1, 2001|
|Next Article:||AHA Commission Charges the Challenge.|