In pursuant to our last article (link here- https://worldprivacylaw.com/?p=910) now we shall discuss the applicability of HIPAA and briefly discuss the notice dated 14th April 2003 regarding the privacy practices.
Application of HIPAA
Since the provisions of HIPAA apply to covered entities and their business associates. Covered entities are of three kinds- (1) Health Care Providers, (2) Health Plans and (3) Health Care Clearinghouses.
Business associates are the one who creates, receives, maintains or transmits protected health information (PHI) on behalf of a covered entity or other business associates acting as a subcontractor.
In 2003, the federal government of the USA came up with a notice (notification) as we mentioned in our last article and provided some privacy practices that we will discuss today in brief. The said notice described the ways by which covered entities and their business associates may use and disclose the health information about their patients.
Commitment to Protect the Health information about patients:
The HIPAA rules require that the covered entities and their business associates must protect the privacy of health information that identifies a patient, or where there is a reasonable basis to believe the information can be used to identify a patient. This information is called protected health information or PHI. The notice described the rights of patients and obligations of covered entities and business associates with respect to the use and disclosure of PHI.
The covered entities and business associates are required by law to –
- Maintain the privacy of PHI about patients
- Give patients the notice about the legal duties and privacy practices with respect to PHI and
- Comply with the terms and of Notice of privacy practices which are currently in effect.
In case when the notice is changed, covered entities and business associates are mandated to post a copy of such change at their prominent location.
Picture Credit- https://fortifiedhealthsecurity.com