Printer Friendly

Federal Protections for Health Information.

On Dec. 28, 2000, the Department of Health and Human Services, unveiled sweeping new protections for individually identifiable patient information. The new federal privacy rules, which implement portions of the Health Insurance Portability and Accountability Act (HIPAA), will have a dramatic impact on the way healthcare entities do business. The regulations apply to health clearinghouses and all but the smallest health plans. Healthcare providers will have to comply with the rules if they transmit any health information in electronic form in connection with certain "standard transactions," including healthcare payment and remittance advice, health claims status, and referral certification and authorization.

The new provisions are designed to create a minimum level of privacy for all protected health information. State laws that are more stringent than the federal HIPAA rules will remain in effect, but the new rules will preempt other state laws relating to health information privacy. Entities covered under the rules will be required to implement a number of policies and procedures designed to ensure that health information will be used or disclosed only as permitted by the rules. For example, most healthcare providers will have to obtain a written "consent" from an individual in order to use or disclose the individual's health information for treatment, payment or healthcare operations. Covered entities must obtain a separate written "authorization" to use or disclose health information for any other purpose. They also will have to designate a privacy officer who will help ensure that the entity meets the privacy requirements.

Most covered entities will have to comply with the rules by 2003. Although it may sound like a lot of time, the complexity of the regulations and the fundamental procedural and cultural changes many covered entities will be forced to undergo could take several months to implement. Because severe civil and criminal penalties may apply for failing to adhere to the rules, healthcare companies and providers should begin working now to come into compliance by the deadline.

Contributed by Shannon Hartsfield, Esq., chair of the Healthcare Law Committee for the Young Lawyers Division of the American Bar Association. She is an associate with Holland & Knight LLP, Tallahassee, FL, and can be reached at
COPYRIGHT 2001 Nelson Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2001 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Government Activity
Author:Hartsfield, Shannon
Publication:Health Management Technology
Geographic Code:1USA
Date:Apr 1, 2001
Previous Article:Briefly.
Next Article:AHA Commission Charges the Challenge.

Related Articles
Yet another health care battle.
Buddy up with a lawyer, it's compliance time.
Privacy in the private sector.
Protecting Online Privacy to Avoid Liability.
Proposed homeland security department: what it means to state and local governments. (Federal Focus).
The electronic health record in Canada: the first steps.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters