2011 Updates to HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted on August 21, 1996. HIPAA required the Secretary of HHS to issue privacy regulations for individually identifiable health information, if Congress did not enact such legislation within three years of the passage of HIPAA. Congress did not enact the aforementioned privacy legislation and HHS, through notice and comment rulemaking, implemented the Privacy Rule on December 28, 2000. HHS modified the Privacy Rule in 2002.
The basic purpose of the Privacy Rule is to identify the situations and limitations in which an individual’s protected heath information may be used or disclosed by covered entities. A covered entity may not use or disclose protected health information, except either: (1) as permitted or required under the Privacy Rule; or (2) as the individual who is the subject of the information (or the individual’s personal representative) authorizes in writing.
For more information regarding HIPAA please see the following references from the Centers for Medicare & Medicaid Services (CMS), the Department of Health and Human Services (HHS) and the Government Printing Office (GPO).
Are you a covered entity? Primers from CMS and HHS on the topic.
HIPAA Update from May 31, 2011:
The proposed HIPAA change allows people to know who accessed their health information.