Go to AAPM&R home page Go to AAPM&R home page Go to AAPM&R home page
     
Click Here to Search
MEMBER CENTER CONDITIONS & TREATMENT FIND A PM&R PHYSICIAN FOUNDATION FOR PM&R
 ARCHIVES OF PM&R
What is a Physiatrist?
About AAPM&R
 

Legislative, Business and Clinical Practice Issues
 
  Legislation & advocacy
Regulation
Practice resources
Practice guidelines
Clinical pathways
Performance Measures Resources
State societies
 
Annual Assembly
Medical Education
Physiatrists' Job Board
PASSOR
Residents
Medical Students
Media Room
Industry Opportunities
Contact Us

 
Home  |  Legislative, Business and Clinical Practice Issues  |  Practice Resources  | 
 

Final HIPAA Privacy Rule Published

In Brief: The Department of Health and Human Services (HHS) recently published the final Privacy Rule that is part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
On August 14, 2002, HHS Secretary Tommy Thompson announced publication of the final HIPAA Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule).  Physicians and other covered entities must comply with the Privacy Rule by April 14, 2003, with the exception of small health plans, which have until April 14, 2004, to comply.

Numerous changes, outlined below, were made in the final rule that ease the paperwork burden on covered entities while maintaining the privacy of patients’ medical records.  HIPAA is intended to provide a minimum base of privacy protection.  State and federal laws that provide stronger protections will still apply and supplement the HIPAA regulations.
 

  • Marketing:  Under the final rule, covered entities are required to obtain an individual’s written authorization before using protected health information for marketing purposes with the exception of face-to-face encounters or marketing involving a promotional gift of nominal value such as an educational pamphlet.  Covered entities may not sell lists of patients or disclose protected health information to a third party for marketing purposes without an individual’s authorization.
     
  • Consent and Notice:  The final rule makes patient consent optional for treatment, payment, and health care operations.  However, it is mandatory for covered entities to notify patients of the patient’s privacy rights and the covered entity’s privacy practice.  Written patient authorization is required for use of protected health information beyond treatment, payment, and health care operations.
     
  • Parents and Minors:  Overall, the Privacy Rule allows parents new rights to maintain control of their children’s protected health information.  However, the final rule indicates that state or other applicable law covers the area of parental access to the medical records of minors.  In cases when state law does not exist or is vague, a health care provider maintains the right to exercise professional discretion in providing access to medical records as long as the decision conforms to state or other applicable law.
     
  • Incidental Use and Disclosure:  The Privacy Rule acknowledges that incidental use or disclosure of protected health information may occur and will not be considered in violation of the rule as long as the covered entity has met the minimum necessary requirements for protecting health information.

The final rule is available online at http://www.hhs.gov/ocr/hipaa/.  The Academy will continue to provide information on HIPAA compliance in upcoming issues of The Physiatrist as well as on the Academy Web site at www.aapmr.org.  For additional information on HIPAA, contact the Academy national office at (312) 464-9700 or info@aapmr.org.

 

 

 Site Map  •   Contact Us  •   Privacy Policy  •   Disclaimer
330 North Wabash Ave., Suite 2500, Chicago, IL 60611-7617 Copyright ©2008 AAPM&R All Rights Reserved