About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

31 J.L. Med. & Ethics 70 (2003)
The HIPAA Privacy Rule: Reviewing the Post-Compliance Impact on Public Health Practice and Research

handle is hein.journals/medeth31 and id is 814 raw text is: The HIPAA Privacy Rule: Reviewing the Post-Compliance Impact on Public Health Practice and Research Lora Kutkat, James G. Hodge, Jr., Thomas Jeffry, Jr., and Diana M. Bontdt (Moderator) Diana M. Bontd C urrent economic conditions have coincided with the implementation of the Health Insurance Portability and Accountability Act (HIPAA) and forced public health officials to consider how to ethically incorporate compliance into their already strained budgets, while main- taining the integrity and intent of the legislation. Lora Kutkat As of April 14, 2003, the HIPAA Privacy Rule provides a new federal floor of protections for personal health information. The Privacy Rule establishes standards for the protec- tion of health information held by many physi- cians' offices, health plans, and health care clear- inghouses. The Rule protects personal health information by establishing conditions regulating the use and disclosure of individually identifiable health information by these entities, also referred to as covered entities. The Rule does not prevent the daily operations of health care establishments (i.e., the treatment of patients and the collection of payment). These activities are considered routine, expected operations in health care estab- lishments, and as such, an individual's permission is not required under the Privacy Rule when personal health information is used for these, and limited other, purposes. The Privacy Rule applies only to those organi- zations and individuals that qualify as covered entities. The Privacy Rule's application to research is determined by whether a covered entity is conducting the research. If research is being conducted by a covered entity, then the HIPAA regulations generally apply to that covered entity's uses and disclosures of protected health information for research. On the other hand, many researchers who collect and release personal health information will not have to comply with the Privacy Rule because they will not be covered entities. Most individually identifiable health informa- tion held by covered entities, referred to as protected health information (PHI), is protected by the Privacy Rule. PHI exists only when three elements occur simultaneously: when health information with an identifier (e.g., name, address, social security number, date of birth, or other knowledge that the health information is individually identifiable) is held or maintained by a covered entity. The Privacy Rule does not apply when one or more of these elements is missing. Under the Privacy Rule, research conducted by a covered entity must generally be conducted with an individual's authorization. There are several exceptions to this rule, however. For example, the Privacy Rule sets standards to de-identify health information and create a limited dataset. A limited dataset is protected health information minus direct identifiers and may be used or disclosed for research and public health activities when a data use agreement is in effect between the covered entity and the recipient of the information. In addition, an Institutional Review Board (IRB) or a privacy board may waive the authorization requirement, a process slightly dif- ferent from waiving informed consent. IRBs and privacy boards can waive authorization when it

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most