31 J.L. Med. & Ethics 70 (2003)
HIPAA Privacy Rule: Reviewing the Post-Compliance Impact on Public Health Practice and Research, The; Kutkat, Lora; Hodge, James G. Jr.; Jeffry, Thomas Jr.; Bonta, Diana M.

handle is hein.journals/medeth31 and id is 814 raw text is: The HIPAA Privacy Rule: Reviewing
the Post-Compliance Impact on Public
Health Practice and Research

Lora Kutkat, James G. Hodge, Jr., Thomas Jeffry, Jr.,
and Diana M. Bontdt (Moderator)

Diana M. Bontd
C urrent economic conditions have coincided
with the implementation of the Health
Insurance Portability and Accountability Act
(HIPAA) and forced public health officials to
consider how to ethically incorporate compliance
into their already strained budgets, while main-
taining the integrity and intent of the legislation.
Lora Kutkat
As of April 14, 2003, the HIPAA Privacy
Rule provides a new federal floor of
protections for personal health information. The
Privacy Rule establishes standards for the protec-
tion of health information held by many physi-
cians' offices, health plans, and health care clear-
inghouses. The Rule protects personal health
information by establishing conditions regulating
the use and disclosure of individually identifiable
health information by these entities, also referred
to as covered entities. The Rule does not prevent
the daily operations of health care establishments
(i.e., the treatment of patients and the collection
of payment). These activities are considered
routine, expected operations in health care estab-
lishments, and as such, an individual's permission
is not required under the Privacy Rule when
personal health information is used for these, and
limited other, purposes.
The Privacy Rule applies only to those organi-
zations and individuals that qualify as covered
entities. The Privacy Rule's application to
research is determined by whether a covered entity
is conducting the research. If research is being

conducted by a covered entity, then the HIPAA
regulations generally apply to that covered
entity's uses and disclosures of protected health
information for research. On the other hand,
many researchers who collect and release personal
health information will not have to comply with
the Privacy Rule because they will not be covered
entities.
Most individually identifiable health informa-
tion held by covered entities, referred to as
protected health information (PHI), is protected
by the Privacy Rule. PHI exists only when three
elements occur simultaneously: when health
information with an identifier (e.g., name,
address, social security number, date of birth, or
other knowledge that the health information is
individually identifiable) is held or maintained by
a covered entity. The Privacy Rule does not apply
when one or more of these elements is missing.
Under the Privacy Rule, research conducted
by a covered entity must generally be conducted
with an individual's authorization. There are
several exceptions to this rule, however. For
example, the Privacy Rule sets standards to
de-identify health information and create a limited
dataset. A limited dataset is protected health
information minus direct identifiers and may be
used or disclosed for research and public health
activities when a data use agreement is in effect
between the covered entity and the recipient of the
information. In addition, an Institutional Review
Board (IRB) or a privacy board may waive the
authorization requirement, a process slightly dif-
ferent from waiving informed consent. IRBs and
privacy boards can waive authorization when it

Purchase Short-Term Access to HeinOnline

Prices starting as low as $29.95

Already a Subscriber?

What Is HeinOnline?

Learn More About the Law Journal Library (pdf)

We also offer annual subscriptions to universities, colleges, law firms, organizations, and other institutions. To request a quote please visit http://home.heinonline.org/subscriptions/request-a-quote/

Please note: the content in the Law Journal Library is constantly changing and some content has restrictions as required per the license. Therefore, please review the available content via the following link to ensure the material you wish to access is included in the database. For a complete list of content included in the Law Journal Library, please view http://www.heinonline.org/HOL/CSV.csv?index=journals&collection=journals