
HIPAA’s Privacy Rule: The Health Insurance Portability and Accountability Act (HIPAA)
Pay close attention to the areas in italics, and come back for a question related to this topic on Friday!
a. Covered Entities: HIPAA regulations apply to “covered entities,” which include health care providers, health plans, and health care clearinghouses. As defined in HIPAA, “health care” includes counseling for mental conditions and a “health care provider” is any person who furnishes, bills, or is paid for health care in the regular course of their business.
b. Authorization: The Privacy Rule states that a written authorization from the patient is required before a provider discloses PHI except when the information is being disclosed for routine purposes related to treatment, payment, or health care operations (“TPO”) or in other legally defined situations (e.g., when disclosure is necessary to avert a serious threat to the health or safety of the patient or other person). The authorization must include a description of the information to be disclosed; indicate the name and function of the person/entity authorized to use the information; indicate the expiration date of the authorization; and include a statement informing the patient of his/her right to receive a copy of the authorization and to revoke it.
c. Patient Rights: The Privacy Rule grants patients the following rights:
• The Right to Inspect and Receive a Copy of Their PHI: For the most part, HIPAA regulations regarding a patient’s right to inspect and receive a copy of his or her health information... (More)