Old January 17, 2013, 10:57 PM   #15
Senior Member
Join Date: December 4, 2009
Location: Frozen Tundra
Posts: 2,414
Here are some general HIPAA Notes:

The HIPAA act of 1996 has two main parts.
Title I – protects health insurance coverage for workers and their families if they change or lose their job.
Title II – known as the administrative simplification provisions, requires the establishment of national standards for electronic healthcare transactions and national data identifiers for providers.

Title II Has the Most Significant Impact on IT Departments. The following Title II rules directly affect an IT department:
• Privacy rule
• Transaction and Codes Set Rule
• Unique Identifier Standards Rule
• Security Rule
• Enforcement Rule

Privacy Rule: governed by the Health and Human Services Office for Civil Rights (OCR)
The privacy rule took effect on 14 April 2003. It establishes regulation for the use and disclosure of Protected Health Information (PHI). If you apply serialization, you must protect this medical information and it may only be disclosed in the following circumstances:
• The individual within 30 days of a request.
• When the covered entity has obtained written permission of the individual.
• When required by law.
• To facilitate treatment, payment, or health care operations.

When disclosing PHI, it's a covered entity's responsibility to disclose the minimum amount of information necessary.
When information flows over public networks, you must apply some form of encryption. If the information is on a closed network and access controls are sufficient, then encryption is optional.

All this education is good for some things!

I'm not a lawyer but I have training on the technical side of this... My guess is that if a doctor or whoever discloses you have some prohibitive condition but you are actually not being treated by that doctor for the condition or being referred for treatment for the prohibitive condition it might be illegal for the doctor to reveal it.... Again I am not a lawyer, this is not legal advice... just my thoughts.

HIPAA defines health information as
Created by or received by:
• Health Care Providers
• Health Plans
• Public health authorities
• Employers
• Life Insurers
• Schools or Universities
• Health Care Clearinghouses
And relates to the health of an individual, including:
• Past, present or future health
• Physical health, mental health, or condition of an individual
• Past, present or future payments for health care
Molon Labe

Last edited by BGutzman; January 18, 2013 at 04:40 PM.