Questions & Answers

Are location information services of collection agencies, which are required under the Fair Debt Collection Practices Act, permitted under the HIPAA Privacy Rule?

Payment is broadly defined as activities by health plans or health care providers to obtain premiums or obtain or provide reimbursements for the provision of health care. The activities specified are by way of example and are not intended to be an exclusive listing. Billing, claims management,...

How is the Health Breach Notification Rule Enforced?

§318.7 Enforcement. A violation of this part shall be treated as an unfair or deceptive act or practice in violation of a regulation under §18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)) regarding unfair or deceptive acts or practices. For more information, see here: https...

My State requires consent to use or disclose health information. Does the HIPAA Privacy Rule take away this protection?

No. The Privacy Rule does not prohibit a covered entity from obtaining an individual's consent to use or disclose his or her health information and, therefore, presents no barrier to the entity's ability to comply with State law requirements. These materials were obtained directly from the Federal...

What are the Methods of Notice in the Health Breach Notification Rule?

§318.5 Methods of notice. (a) Individual notice. A vendor of personal health records or PHR related entity that discovers a breach of security shall provide notice of such breach to an individual promptly, as described in §318.4, and in the following form: (1) Written notice, by first-class mail to...

What are the Permitted Uses and Disclosures in the HIPPA Rule?

A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: Disclosure to the individual (if the information is required for access or accounting of disclosures, the entity MUST...

What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of protected health information?

The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form. See 45 CFR 164.530(c). This means that covered entities must implement reasonable safeguards to limit...

What does the HIPAA Security Rule protect?

While the HIPAA Privacy Rule safeguards protected health information (PHI), the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form...

What is the Breach Notification Requirement in the Health Breach Notification Rule?

§318.3 Breach notification requirement. (a) In general. In accordance with §§318.4, 318.5, and 318.6, each vendor of personal health records, following the discovery of a breach of security of unsecured PHR identifiable health information that is in a personal health record maintained or offered by...

What is the Content of Notice required in the Health Breach Notification Rule?

§318.6 Content of notice. Regardless of the method by which notice is provided to individuals under §318.5 of this part, notice of a breach of security shall be in plain language and include, to the extent possible, the following: (a) A brief description of what happened, including the date of the...

What is the HIPAA Privacy Rule?

The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. These individuals and organizations are called “covered entities.” The Privacy Rule also contains standards for individuals...

Search form

Search form

Search form

Questions & Answers

Sign Up For Our Newsletter