|
|
OCR Guidance Explaining
Significant Aspects of the Privacy Rule -
December 4, 2002
Revised April 3, 2003
The Entire Guidance document is in the Adobe Acrobat
format (.pdf).
If you need the Acrobat Reader, it can be downloaded for free from
http://www.adobe.com/acrobat/readstep.html.
STANDARDS FOR PRIVACY OF
INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION
[45 CFR Parts 160 and 164]
Introduction
This guidance explains and answers questions about key elements
of the requirements of the HIPAA Standards for Privacy of Individually
Identifiable Health Information (the Privacy Rule). The Department
of Health and Human Services (HHS) published the Privacy Rule on
December 28, 2000, and adopted modifications of the Rule on August
14, 2002. The Privacy Rule (45 CFR Part 160 and Subparts A and E
of Part 164) provides the first comprehensive Federal protection
for the privacy of health information. All segments of the health
care industry have expressed support for the objective of enhanced
patient privacy in the health care system. The Privacy Rule, as
modified, is carefully balanced to provide strong privacy protections
that do not interfere with patient access to, or the quality of,
health care delivery.
The guidance that follows is meant to communicate as clearly as
possible the privacy policies contained in the Privacy Rule. For
a particular segment in the Privacy Rule, the guidance will provide
a brief explanation of the segment and how the Rule works, followed
by “Frequently Asked Questions” about that provision.
The guidance does not address all of the relevant provisions in
the Rule, although we anticipate adding segments in the future as
we develop guidance on more Privacy Rule standards. We will also
be adding to the “Frequently Asked Questions” on an ongoing
basis as new questions arise. HHS plans to work expeditiously to
address these additional questions to facilitate understanding of
the Rule and to encourage voluntary compliance with its requirements.
However, for a full understanding of one’s rights and responsibilities
under the Rule, it is important to consult the Rule itself.
The Privacy Rule Standards
Addressed
- General Overview
- Incidental Uses
and Disclosures (45 CFR 164.502(a))
- Minimum Necessary
(45 CFR 164.502(b), 164.514(d))
- Personal Representatives
(45 CFR 164.502(g))
- Business Associates
(45 CFR 164.502(e), 164.504(e), 164.532(d) and (e))
- Uses and Disclosures
for Treatment, Payment, and Health Care Operations (45 CFR 164.506)
- Marketing (45
CFR 164.501, 164.508(a))
- Public Health (45
CFR 164.512(b))
- Research (45
CFR 164.501, 164.508, 164.512(i), 164.514(e), 164.528, 164.532)
- Workers' Compensation
Laws (45 CFR 164.512(l))
- Notice (45 CFR
164.520)
- Government Access
(45 CFR Part 160, Subpart C, 164.512(f))
- Miscellaneous FAQs
|
 |
 |
