NJMS and HIPAA’s Privacy Rule
The privacy provisions of the federal law, the Health Insurance Portability
and Accountability Act of 1996 (HIPAA), establish nationwide standards
concerning confidentiality of an individual’s health information.
In a nutshell, the Privacy Rule defines appropriate and inappropriate
disclosures of an individual’s confidential health information (commonly
referred to as “PHI”) and establishes certain practices and
procedures to protect an individual’s privacy rights. Significant
protections included in the Privacy Rule include:
• Limitations on the non-consensual use and release of private
health information;
• Establishment of new rules requiring that patients are provided
with a Notice of Privacy Practices that governs disclosures of PHI;
• Provisions granting patients new rights to access their medical
records and to know who else has accessed them;
• Restrictions on most disclosures of health information to the
minimum needed for the intended purpose; and
• Establishment of new rules governing disclosures of PHI to business
partners.
It is NJMS’s policy that each employee that has direct or indirect
contact with a patient’s PHI comply with HIPAA and the statute’s
Privacy Rule. Failure to comply with this rule can result in disciplinary
actions against employees who do not adhere to the HIPAA requirements.
In addition, failure to adhere to the privacy regulations can place employees
and/or NJMS at risk for civil and/or criminal penalties.
Please contact the New Jersey Medical School Privacy Office at x 2-1815
if you have any questions, concerns or comments.
|
