The HIPAA Privacy Rule creates national standards to protect individuals' medical records and other personal health information and to give patients more control over their health information. It sets limits on the use and release of health records. It establishes safeguards that providers and health plans must implement to protect the privacy of health information. The Privacy Rule provides that, in general, a covered entity may not use or disclose an individual's healthcare information without permission except for treatment, payment, or healthcare operations. The Privacy Rule will require the average healthcare provider or health plan to do the following:
Notify patients about their privacy rights and how their information can be used.
Adopt and implement privacy procedures for its practice, hospital, or plan.
Train employees so that they understand privacy procedures.
Designate an individual to be responsible for seeing that privacy procedures are adopted and followed.
Secure records containing individually identifiable health information so that they are not readily available to those who do not need them.
The rule also provides for reduced compliance for plans that share limited information with the plan sponsor. Other related regulations provide requirements for the security of health information; national standards for electronic healthcare transactions; and national identifiers for providers, health plans, and employers.
The HIPAA Privacy Rules and FMLA Administration
The U.S. Department of Health and Human Services recently issued new rules providing
comprehensive federal protection for the privacy of health information. How will they affect administration of the Family and Medical Leave Act?
Guidance Issued for Bona Fide Wellness Programs
Finally, several government agencies have proposed some new regulations that put to rest what, exactly, constitutes a bona fide wellness program.
Final Rules on HIPAA Nondiscrimination Provisions Published
The Department of Labor's Employee Benefits Security Administration (EBSA), the Internal Revenue Service, and the Department of Health and Human Services have published final rules that provide guidance in complying with the nondiscrimination provisions of the Health Insurance Portability and Accountability Act (HIPAA).
