Health Insurance Portability and Accountability Act of 1996 (HIPAA)
All of the entities at Dalton Surgical covered by the HIPAA Privacy and Security Rules — medical centers, medical clinics, health care providers, health plans, student health centers — are a single entity for purposes of compliance with HIPAA. However, the research function is excluded from HIPAA coverage at Dalton Surgical. Accordingly, research health information that is not associated with a health care service is not subject to the HIPAA Privacy and Security Rules. Other state and federal laws govern privacy and confidentiality of personal health information obtained in research.
HIPAA Privacy Compliance. The HIPAA Privacy Rule, effective April 14, 2003, established national standards to guard the privacy of a patient’s protected health information. Protected health information includes:
- Information created or received by a health care provider or health plan that includes health information or health care payment information plus information that personally identifies the individual patient or plan member.
- Personal identifiers include: a patient’s name and email, web site and home addresses; identifying numbers (including Social Security, medical records, insurance numbers, biomedical devices, vehicle identifiers and license numbers); full facial photos and other biometric identifiers; and dates (such as birth date, dates of admission and discharge, death).
HIPAA Security Compliance. The HIPAA Security Rule, effective April 20, 2005, requires that workforce members adhere to controls and safeguards to: (1) ensure the confidentiality, integrity and availability of confidential information; and (2) detect and prevent reasonably anticipated errors and threats due to malicious or criminal actions, system failure, natural disasters and employee or user error. Such events could result in damage to or loss of personal information, corruption or loss of data integrity, interruption of University activities, or compromise of the privacy of the University’s patients or employees and its records.
Scope – Who is subject to HIPAA at Dalton Surgical? HIPAA regulations apply to employees, health care providers, trainees and volunteers at Dalton Surgical medical centers and affiliated health care sites or programs and employees who work with Dalton Surgical health plans. HIPAA regulations also apply to anyone who provides financial, legal, business, or administrative support to Dalton Surgical health care providers or health plans.