HIPAA

Current

Medical Privacy
On August 14, the Department of Health and Human Services published final modifications to the Medical Privacy Rule, based on the more than 11,000 public comments received on the March 27 notice of proposed rulemaking. The Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule) took effect on April 14, 2001. The Privacy Rule creates national standards to protect individuals' personal health information and gives patients increased access to their medical records. As required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Privacy Rule covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically. The privacy rule regulates how these "covered entities" may use and disclose identifiable health information for routine (e.g., treatment, payment) and non-routine (e.g., research, marketing) purposes. Most covered entities must comply with the Privacy Rule by April 14, 2003. Small health plans have until April 14, 2004 to comply with the Rule. More >>

Related Resources

• Standards for Privacy of Individually Identifiable Health Information; Final Rule (8/14/02)
• Guidelines for Academic Medical Centers on Security and Privacy

Also on Government Affairs

• Research

AAMC Documents

• HIPAA Testimony & Correspondence Listing
• April 11, 2002 AAMC Comment Letter on Privacy NPRM