Provider Handbook


Guidelines for Implementing the HIPAA Privacy Rule

As required by the HIPAA Privacy Rule, provider offices/groups must train all members of their workforces on the policies and procedures with respect to protected health information (PHI) as necessary to carry out their function. Appropriate safeguards must be in place that provide security to PHI from an administrative, technical, and physical standpoint. Providers must reasonably safeguard PHI from any intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications, or other requirements of the standard.

Providers are permitted by the HIPAA Privacy Rule to use and disclose an individual’s PHI for purposes of treatment, payment, and health care operations. PHI is the information created and obtained as providers deliver services to beneficiaries. Such information may include documentation of symptoms, examination and test results, diagnoses, treatments, and plans for future care or treatment. It also includes billing documents for those services.

In addition, providers are permitted to use PHI for health care operations without being required to obtain a release or authorization for activities such as quality assessment, quality improvement, outcome evaluation, protocol and clinical guidelines development, training programs, credentialing, medical review, legal services, and insurance.

Disclosures that do not have to be included in an accounting of disclosures under the HIPAA Privacy Rule include:

  • Releases for treatment, payment, or health care operations
  • Releases to the individual
  • Releases occurring with patient’s written authorization
  • Releases for a facility directory or to persons involved in the individual’s care
  • Releases to national security or intelligence agencies
  • Releases to correctional institutions or law enforcement

HIPAA requires that PHI be protected from any use or disclosure not permitted by the Privacy Rule. PHI is individually identifiable health information about individuals or beneficiaries; identifying data includes the following:


  • Home address
  • Home telephone number
  • Race
  • Social Security number
  • Medical records
  • Photographs
  • Any information that may compromise the privacy of or prove harmful to the beneficiary (See 45 CFR Section 160.103 for PHI definition.)

Some state laws contain more stringent requirements than those required by the federal regulation under HIPAA. Providers must be familiar with both federal and state regulations and comply with their requirements in their entirety.

Refer to “Release of Patient Information” later in this section for more information.


Last Update: July 2007