
HIPAA OVERVIEW
Key Components

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Regulations establish strict guidelines covering all "use and disclosure" of "protected health information".

NOTE: Research does not qualify as treatment, payment or health care operations and therefore requires approval or authorization in order to use and disclose healthcare information.

First, let's address: What is "Protected Health Information" (PHI)?
Protected health information (PHI) is defined as health information that meets the following 4 criteria:
1. Any health information created or received by the covered entity or employer,
2. Information that relates to past, present or future physical or mental health, provision of health care or treatment, or past, present or future payment for healthcare,
3. Health information that identifies the individual, or that could reasonably be assumed to be usable to identify the individual,
4. Information that is maintained or transmitted in oral, written or electronic formats.

Second, let's address: What is meant by "use" and "disclosure"?
- A "use" happens within a health care organization or other covered entity, and is under direct control of that organization (when a nurse in a clinical care setting is reviewing a patient's health information, he/she is "using" PHI).
- "Disclosure" occurs when information is given to someone who is not part of the organization's work force (which includes employees, contractors, and students of the health care organization).

Third, under HIPAA Regulations there can be no use or disclosure of PHI unless:
1. It is for treatment, payment or health care operations,
2. It is used or disclosed with a recognized method of authorization (patient written authorization or an approved waiver of authorization),
3. A regulatory exception applies (emergencies/disasters, public health reporting, etc.).