HIPAA Privacy & Security
2. Business Associates Section:
General Information about Privacy
One of the largest and most pervasive section of HIPAA is Privacy. Following is general information about HIPAA Privacy requirements.
- Compliance Date: April 14, 2003.
- Oversight agency: U.S. Department of Health and Human Services, Office of Civil Rights (OCR), regional auditors.
- Topics in HIPAA Privacy final rule (top items):
- Statutory basis
- Definitions of terms
- Preemption of state law
- Compliance / Enforcement
- Compliance reviews
- Covered entity responsibilities
- Use and disclosure of PHI, Protected Health Information
- Minimum necessary
- Agreed-upon restrictions
- De-identified PHI
- Business associates disclosure
- Deceased individuals
- Personal representatives
- Privacy Notice
- Business Associate Agreement
- Treatment, payment, or healthcare operations (TPO)
- When is authorization required
- When an individual is allowed to agree/ object
- Other requirements
- Limited data set
- Details of "Notice of Privacy"
- Access to one's own Protected Health Information (PHI)
- Amendment of PHI
- Accounting of PHI disclosures
- Administrative requirements
- General approaches to compliance:
- Business Associate Agreement. For some covered entities, the "Business Associate Agreement" is required. Read more under " Business Associates" section.
- Policies and procedures. Revised existing policies and procedures to reflect HIPAA requirement; created new ones to fill the gaps of missing items.
- Training. Training provided for our entire staff to become more aware of the HIPAA requirements, risks, and solutions.
- Utilize resources. Use of trust-worthy Websites (federal, state-level, non-profits and reputable private-sector efforts), hired contracted experts, work with the standard-setting and enforcement organizations (US Department of Health and Human Services - OCR and CMS agencies). Continually checked this website for the latest news and tools.
For details about the HIPAA Privacy requirements, you can read the following 42-page document that contains an abbreviated version of the entire Final Rule.