BeeperMD SITE HIPAA PRIVACY RULE:
Note to Users: This notice is not the same as your health plan's Health Insurance Portability and Accountability Act of 1996 ("HIPAA") Notice of Privacy Practices, which describes in detail how your health plan uses and discloses your individually identifiable health information. Your health plan has a Notice of Privacy Practices, which includes policies for use and disclosure of your information, including information that you provide to BeeperMD. This is managed by your health plan, not by BeeperMD, so we aren't able to let you know of changes or updates. If you would like to read a copy of your health plan's Notice of Privacy Practices, please ask your provider for a copy.
The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and to request corrections. The Privacy Rule is located at 45 CFR Part 160 and Subparts A and E of Part 164. The following is a summary of key elements of the Privacy Rule and not a complete or comprehensive guide to compliance. Entities regulated by the Rule are obligated to comply with all of its applicable requirements and should not rely on this summary as a source of legal information or advice.
What Information is Protected:
The Privacy Rule protects all "individually identifiable health information" held or transmitted by BeeperMD or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)." "Individually identifiable health information" is information, including demographic data, that relates to:
The Privacy Rule excludes from protected health information employment records that BeeperMD maintains in its capacity as an employer.
Basic Principle: A major purpose of the Privacy Rule is to define and limit the circumstances in which an individual's protected health information may be used or disclosed by BeeperMD. BeeperMD MUST not use or disclose protected health information, except either: (1) as the Privacy Rule permits or requires; or (2) as the individual who is the subject of the information (or the individual's personal representative) authorizes in writing.
Required Disclosures: BeeperMD must disclose protected health information in only two situations: (a) to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of, their protected health information; and (b) to HHS when it is undertaking a compliance investigation, compliance review, or an enforcement action.
Permitted Uses and Disclosures: BeeperMD is permitted, but not required, to use and disclose protected health information, without an individual's authorization, for the following purposes or situations: (1) to the Individual (unless required for access or accounting of disclosures); (2) treatment, Payment, and Health Care Operations; (3) opportunity to Agree or Object; (4) incident to an otherwise permitted use and disclosure; (5) public Interest and Benefit Activities; and (6) Limited Data Set for the purposes of research, public health or health care operations
Examples of HIPAA Violations:
Non-compliance with HIPAA regulations can result in:
Penalties for civil violations:
If an employee(s) sees another staff member misusing PHI, the incident must be reported to BeeperMD.
HIPAA regulations also include a Security Rule. Effective on April 21, 2005, the Security Rule set the standard to ensure the privacy of electronic protected health information. BeeperMD has implemented the requirements of the Rule and continually monitors and manages the required security controls.