Upcoming Webinars 

Disclaimer

The analysis of any legal or medical billing is dependent on numerous specific facts — including the factual situations present related to the patients, the practice, the professionals and the medical services and advice. Additionally, laws and regulations and insurance and payer policies are subject to change. The information that has been accurate previously can be particularly dependent on changes in time or circumstances. The information contained in this web site is intended as general information only. It is not intended to serve as medical, health, legal or financial advice or as a substitute for professional advice of a medical coding professional, healthcare consultant, physician or medical professional, legal counsel, accountant or financial advisor. If you have a question about a specific matter, you should contact a professional advisor directly. CPT copyright American Medical Association. All rights reserved. CPT is a registered trademark of the American Medical Association.

Menu
Log in


Log in

HIPAA Privacy Rule 

The Privacy Rule addresses the use and disclosure of individuals’ protected health information by covered entities as well as standards for individuals' privacy rights and control over their health information.

The main purpose of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well-being. The rule permits important uses of information, while protecting the privacy of people who seek care and healing.

Who must follow the Privacy Rule?

  • Healthcare Providers
  • Healthcare Plans
  • Healthcare Clearinghouses

What is Protected Health Information?

  • Protected Health Information
  • De-Identified Information

What are the organizational requirements under the rule?

  • Designate a Privacy Official
  • Workforce Training
  • Data Safeguards
  • Complaints
  • Workforce Sanctions
  • Refraining from intimidating or retaliatory acts
  • Mitigation
  • Waiver of Rights
  • Policies and Procedures
  • Changes to Policies and Procedures
  • Documentation

Notice of Privacy Practices 

  • Delivery of the Notice
  • Content of the Notice

Uses and Disclosures

  • Treatment, Payment, Health Care Operations
  • When Authorization is Required
  • Requirements for a Valid Authorization
  • Patient has the Opportunity to Agree or Object
  • Authorization or Opportunity to Agree or Object is Not Required
  • De-Identification of Protected Health Information

Minimum and Necessary Rule

  • Minimum necessary uses of protected health information
  • Minimum necessary disclosures of protected health information
  • Minimum necessary requests for protected health information
  • Other content requirement

Limited Data Sets

  • Limited data set
  • Permitted purposes for uses and disclosures
  • Data use agreement

Patient Rights under the Privacy Rule

    • Rights to Request Privacy Protection for Protected Health Information
    • Access to Protected Health Information
    • Amendment of Protected Health Information
    • Accounting of Disclosures of Protected Health Information
Powered by Wild Apricot Membership Software