HIPAA Final Rule: Prohibited Uses and Disclosures–Sale of Protected Health Information

March 7, 2013.  Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Our focus today is on the second of two prohibited uses and disclosures of protected health information in the…

READ MORE

HIPAA Final Rule: Covered Entities–Permitted Uses and Disclosures & Required Disclosures

March 4, 2013.  Today, we start going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Our focus today is on covered entities in 45 CFR 164.502: Uses and disclosures of protected health information:  General…

READ MORE

HIPAA Final Rule: Modified Privacy Rule Definition–Payment

February 27, 2013.  Today, we start to examine definitions pertaining to the HIPAA Privacy Rule, and begin with payment, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the discussion in the Final Rule related to the proposed modification to the…

READ MORE

HHS Publishes HITECH Act Accounting of Disclosures NPRM

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has published in the May 31, 2011, Federal Register the Notice of Proposed Rule Making (NPRM) entitled HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Act (76(104), pp. 31426-31449). This NPRM is available online in pdf.  Comments on the NPRM are requested to be submitted on or before August 1, 2011.  The Summary of the NPRM with abbreviations, as noted, on p. 31426, is: “HHS is issuing this NPRM to modify the HIPAA Privacy Rule’s standard for accounting of disclosures of protected health information.  The purpose of these modifications…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 14

From now through December, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

HITECH Privacy Provisions Include HIPAA Privacy Definitions and New or Broadened Concepts

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE

The Definition of Vendor of Personal Health Records

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE

The Definition of Use

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE

The Definition of Treatment

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE

The Definition of State

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE