Medical Records

Privacy and Confidentiality Laws

These laws do not provide adequate protection against the misuse or mishandling of health-related information. For example, no law prohibited the disclosure of health or disease information to commercial entities that market pharmaceuticals or therapies. To address this deficiency, along with the portability of health insurance, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 was created. HIPAA provides assurance that PHI is safeguarded as it passes through a variety of media.

HIPAA sets rules and standards in three broad areas:

Insurance Portability - Guarantees that persons moving from one group health plan to another have continuity of coverage and prohibits denial of coverage under pre-existing-condition clauses.

Fraud Enforcement - Increases civil and criminal penalties for specified violations of confidentiality and privacy.

Administrative Simplification - Provides rules and procedures for maintaining the privacy and confidentiality of protected health information (PHI). It is also important to note that HIPAA specifies sanctions and punishments for individuals and organizations that fail to keep PHI confidential. The Office for Civil Rights of the U.S. Department of Health and Human Services enforces HIPAA. The organizations that handle medical records (now called PHI) are called "covered entities" in the law and include health care providers, insurance providers, pharmacists and HMOs.

HIPAA was implemented in 2003, providing:

• Patients more control of their health information.

• Boundaries for covered entities in the use and release of PHI.

• Safeguards that health care providers and others must use to protect privacy of PHI.

• Clear penalties for privacy rights violations.

• A balance between personal privacy rights and the public necessity to disclose some forms of data to protect public health.

Patients have the right:

• To examine and obtain a copy of their medical records, with some exceptions (e.g. psychotherapy notes, research data).

• To restrict information released by covered entities to the minimum needed for the requested purpose (e.g. the result of a request for a fitness-to-work medical examination might include the most recent physical examination summary and not the entire medical history of a person).

• To find out how their PHI is used and what disclosures have been made (e.g. the doctor's office must keep a record of who requested a person's records and for what purpose).

Covered Entities include:

1. Health plans (employer based and commercial)

2. Health care clearing houses (for health care payments/billing)

3. Health care providers

4. Clinical laboratories and subcontractors

5. Business associates (attorneys, auditors)


A project of the Community Outreach and Education Program of the
NIEHS Center for Research on Environmental Disease at
The University of Texas M. D. Anderson Cancer Center
Science Park - Research Division at Smithville
© 2005 The University of Texas M. D. Anderson Cancer Center.