Is Your Organization Subject to the Medical Privacy Rule?
New Federal Regulations issued by the U.S. Health and Human Services
Department implement certain privacy protections required by Health Insurance
Portability and Accountability Act of 1996. The compliance date is April 14,
2003.
Referred to as "The Privacy Rule," the regulations define certain new
privacy rights for patients, detail limits on use and disclosure of health
information and required affected organizations to implement privacy policies.
Violators will be subject to civil and criminal penalties which can go as high
as $250,000 and 10 years in prison.
A covered entity subject to the Privacy Rule is defined by the rule to mean:
- A health plan,
- A health care clearing house,
- A healthcare provider who transmits any
health information in electronic form in connection with transaction covered by
the rule
- certain Business Associates who handle
protected health information for other covered entities.
What to do if your organization is
subject to the Medical Privacy Rule
|
