Law Journal Library - Skip to main content
Content Start

Click here to view short-term subscription options to access this document.

31 J.L. Med. & Ethics 70 (2003)
The HIPAA Privacy Rule: Reviewing the Post-Compliance Impact on Public Health Practice and Research

handle is hein.journals/medeth31 and id is 814 raw text is: The HIPAA Privacy Rule: Reviewing
the Post-Compliance Impact on Public
Health Practice and Research

Lora Kutkat, James G. Hodge, Jr., Thomas Jeffry, Jr.,
and Diana M. Bontdt (Moderator)

Diana M. Bontd
C urrent economic conditions have coincided
with the implementation of the Health
Insurance Portability and Accountability Act
(HIPAA) and forced public health officials to
consider how to ethically incorporate compliance
into their already strained budgets, while main-
taining the integrity and intent of the legislation.
Lora Kutkat
As of April 14, 2003, the HIPAA Privacy
Rule provides a new federal floor of
protections for personal health information. The
Privacy Rule establishes standards for the protec-
tion of health information held by many physi-
cians' offices, health plans, and health care clear-
inghouses. The Rule protects personal health
information by establishing conditions regulating
the use and disclosure of individually identifiable
health information by these entities, also referred
to as covered entities. The Rule does not prevent
the daily operations of health care establishments
(i.e., the treatment of patients and the collection
of payment). These activities are considered
routine, expected operations in health care estab-
lishments, and as such, an individual's permission
is not required under the Privacy Rule when
personal health information is used for these, and
limited other, purposes.
The Privacy Rule applies only to those organi-
zations and individuals that qualify as covered
entities. The Privacy Rule's application to
research is determined by whether a covered entity
is conducting the research. If research is being

conducted by a covered entity, then the HIPAA
regulations generally apply to that covered
entity's uses and disclosures of protected health
information for research. On the other hand,
many researchers who collect and release personal
health information will not have to comply with
the Privacy Rule because they will not be covered
Most individually identifiable health informa-
tion held by covered entities, referred to as
protected health information (PHI), is protected
by the Privacy Rule. PHI exists only when three
elements occur simultaneously: when health
information with an identifier (e.g., name,
address, social security number, date of birth, or
other knowledge that the health information is
individually identifiable) is held or maintained by
a covered entity. The Privacy Rule does not apply
when one or more of these elements is missing.
Under the Privacy Rule, research conducted
by a covered entity must generally be conducted
with an individual's authorization. There are
several exceptions to this rule, however. For
example, the Privacy Rule sets standards to
de-identify health information and create a limited
dataset. A limited dataset is protected health
information minus direct identifiers and may be
used or disclosed for research and public health
activities when a data use agreement is in effect
between the covered entity and the recipient of the
information. In addition, an Institutional Review
Board (IRB) or a privacy board may waive the
authorization requirement, a process slightly dif-
ferent from waiving informed consent. IRBs and
privacy boards can waive authorization when it

Already a Subscriber?

What Is HeinOnline?

HeinOnline is the world’s largest image-based and fully searchable legal and academic research database. Material contained in HeinOnline is an exact replication of the original printed product, and coverage is typically comprehensive. Contact us today for a free demo of this incredible resource.

We offer annual subscriptions to all HeinOnline collections to universities, colleges, law firms, individuals, and other institutions. To request a quote or trial, please click here.

Please note: the content in the Law Journal Library is constantly changing and some content has restrictions as required per the license. Therefore, please review the available content via the following link to ensure the material you wish to access is included in the database. For a complete list of content included in the Law Journal Library, please click here.

Learn More About the Law Journal Library (pdf)
Back To Top Jump To Bottom