Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996. The purpose of this law is to protect the private information of individual health from being disclosed to third parties without the consent of the individual. Except in unusual circumstances, consent must be in writing.
However, there are some exceptions to provide consent. The consent provision does not apply if:
- Treatment
- Billing
- Quality assurance
- Peer review
- Business planning
- Staff training
- Request for reporting to public health agencies
- Some emergency situations
- Research studies that have obtained a wavier from the Review Board (IRB)
Search
Private health information can be used in research studies if you de-individualized "so that the identity of the individual can not be ascertained from the information released. For example, if you were conducting a study of lung problems suffered by New Yorkers after the 911 terrorist attacks, Would it be allowed to identify as a patient, a 50 years old, 5'11 ', 175 pounds, while the male from New York City with high blood pressure.
Marketing
Healthcare providers are prohibited from selling or using their patient lists or members to market products from third parties. However, they can use their list to communicate or sell their services to their list members. Great care must be taken to restrict access when using online collaboration, such as an intranet (http://www.trichys.com).
Business Associates
All business partners, vendors or other contractors using the structure of health care provider must sign a contract stating they understand and agree to be bound by HIPAA. The health care provider can be held liable for the actions of business partner if it did not sign a contract or there was a history of abuse and health care noted in this regard.
Individual rights
Under HIPAA, individuals have the right to:
- Notice of privacy practices of health care provider
- Request for restrictions on who can access their health information
- Access, inspect or copy their personal health information
- Request for accounting of all disclosures of their health information
- Request for corrections or changes to data in their health
Health Care Provider Responsibilities
Health professionals are required to:
- Ensure the safety of both paper and electronic individual health information
- Establish a complaint process to investigate complaints
- Train staff on the law
The HIPAA regulations allow for both civil sanctions and monetary penalties for violations of the law.
No comments:
Post a Comment