Questions about HIPAA Law
What is HIPAA Law? What are the two major rules of the Law?
The two major rules are the Privacy Rule and the Security Rule. The Privacy Rule, which is located at 45 CFR Part 160 and Subparts A and E of Part 164, establishes national standards to protect individuals’ medical records and other personal health information. This applies to and covers health insurance plans, health care clearinghouses, and electronic transactions conducted by health care providers. Under this Rule, a person’s personal health information needs to be protected, and parameters are set on the usage and disclosure of such information. This Rule also gives patients rights over their health information, including the rights to examine and obtain copies of health records and to request corrections.
The HIPAA Security Rule, which is located at 45 CFR Part 160 and Subparts A and C of Part 164, requires national standards to protect individuals’ electronic personal health information that is generated, received, circulated, or maintained by a covered entity. It also requires appropriate administrative, physical and technical safeguards to be put in place so that the confidentiality, integrity, and security of electronic protected health information is not compromised.
The following link provides more detailed information: http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
What is the Statute of Limitations to report a HIPAA violation?
The HIPAA Law states that any violation needs to be reported within 180 days of its occurrence. However, it can be extended by the Office for Civil Rights for a further 180 days if the complainant can show “good cause” for doing so.
Can a firm with an offshore office allow its offshore employees access to view or refer to the onshore office data of patients without violating HIPAA?
It is advisable to disclose to the patient what the onshore office intends to do with the data by allowing the offshore office employees to view it, and to get a written authorization from him or her. Failing this, it will amount to a violation of HIPAA, since even just viewing a patient’s private medical records without permission and a valid reason is not allowed. It would also be proper to consult a local lawyer who specializes in health care law to review the procedures and the contracts before proceeding.
A person wishes to start a non-profit organization to provide kids suffering from cancer with gifts. The kids’ information will be available online and will include their first names, diagnosis, and the hospitals they are being treated at. Will any of these be a violation of HIPAA?
A HIPAA consent form needs to be filled out by each child or his or her parent or guardian, failing which the promoter, the non-profit organization and even the hospital treating the patients will be held guilty of violating HIPAA.
Is asking a patient to furnish his or her social security number a violation of HIPAA?
Since HIPAA deals primarily with the privacy and protection of a patient’s health information with respect to third parties, seeking a patient’s social security number does not violate HIPAA.
Can a doctor be sued by a patient for a HIPAA violation?
A HIPAA violation can only be reported; the Law does not give an individual a private cause of action. An offence may be reported to the Office for Civil Rights, which is part of the US Department of Health and Human Services and can fine the violator up to $50,000 for each violation.
Since HIPAA violations are usually violations of the privacy of individuals who cannot pursue legal action, questions may arise as to how and to what extent the privacy of an individual or patient has been compromised. In such situations it is best to ask an Expert to clarify doubts and to gain insight into the Law.