Lists Public Hearings ListCommuncationsStories Libraries Org ChartsConnections NewslettersLegislative DocumentsChange Of PlacementIT PoliciesNews Release ArchiveOlmstead Documents Claims PortalDashboardsPress ReleasesSearchRecent Nebraska DHHS: HIPAA: 3. Bus. Associate Section: About Privacy Page Content User TypeConsumer Associates Quick Links Privacy Notice What isHIPAA? Contact Us HIPAA Privacy & Security 2. Business Associates Section: General Information about Privacy One of the largest and most pervasive section of HIPAA is Privacy. Following is general information about HIPAA Privacy requirements. Compliance Date: April 14, 2003. Oversight agency: U.S. Department of Health and Human Services, Office of Civil Rights (OCR), regional auditors. Topics in HIPAA Privacy final rule (top items): Statutory basis Definitions of terms Preemption of state law Compliance / Enforcement Complaints Compliance reviews Covered entity responsibilities Use and disclosure of PHI, Protected Health Information Minimum necessary Agreed-upon restrictions De-identified PHI Business associates disclosure Deceased individuals Personal representatives Privacy Notice Business Associate Agreement Treatment, payment, or healthcare operations (TPO) When is authorization required When an individual is allowed to agree/ object Other requirements Limited data set Fundraising Details of "Notice of Privacy" Access to one's own Protected Health Information (PHI) Amendment of PHI Accounting of PHI disclosures Administrative requirements Personnel Training Safeguards Documentation General approaches to compliance: Business Associate Agreement. For some covered entities, the "Business Associate Agreement" is required. Policies and procedures. Revised existing policies and procedures to reflect HIPAA requirement; created new ones to fill the gaps of missing items. Training. Training provided for our entire staff to become more aware of the HIPAA requirements, risks, and solutions. Utilize resources. Use of trust-worthy Websites (federal, state-level, non-profits and reputable private-sector efforts), hired contracted experts, work with the standard-setting and enforcement organizations (US Department of Health and Human Services - OCR and CMS agencies). Continually checked this website for the latest news and tools. For details about the HIPAA Privacy requirements, you can read the following 42-page document that contains an abbreviated version of the entire Final Rule. Standards for Privacy of Individually Identifiable Health Information (45 CFR Parts 160 and 164), Regulation Text This is an abbreviated version of the Privacy regulation's language, from U.S. Department of Health and Human Services, Office for Civil Rights (OCR). You may use this document to understand specifically what HIPAA is requiring.