About Privacy Office

NJMS and HIPAA’s Privacy Rule
The privacy provisions of the federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), establish nationwide standards concerning confidentiality of an individual’s health information. In a nutshell, the Privacy Rule defines appropriate and inappropriate disclosures of an individual’s confidential health information (commonly referred to as “PHI”) and establishes certain practices and procedures to protect an individual’s privacy rights. Significant protections included in the Privacy Rule include:
• Limitations on the non-consensual use and release of private health information;
• Establishment of new rules requiring that patients are provided with a Notice of Privacy Practices that governs disclosures of PHI;
• Provisions granting patients new rights to access their medical records and to know who else has accessed them;
• Restrictions on most disclosures of health information to the minimum needed for the intended purpose; and
• Establishment of new rules governing disclosures of PHI to business partners.
It is NJMS’s policy that each employee that has direct or indirect contact with a patient’s PHI comply with HIPAA and the statute’s Privacy Rule. Failure to comply with this rule can result in disciplinary actions against employees who do not adhere to the HIPAA requirements. In addition, failure to adhere to the privacy regulations can place employees and/or NJMS at risk for civil and/or criminal penalties.

Please contact the New Jersey Medical School Privacy Office at x 2-1815 if you have any questions, concerns or comments.