The Health Insurance Portability and Accountability Act (HIPAA), among other things, provides for the protection of participants’ medical records and other individually identifiable protected health information (PHI) that is created, received or maintained by the group health plan. The privacy regulations under HIPAA (Privacy Rule) apply to group health plans, healthcare providers and healthcare clearinghouses (collectively, Covered Entities). Business associates (as defined below) are subject to certain requirements of the Privacy Rule. The Privacy Rule requires compliance with the following issues.
The Privacy Rule sets limits on how a covered entity may use PHI. To ensure that the covered entity’s activities are not unduly hampered, activities for treatment, payment and healthcare operations (TPO Activities) are exempt from certain aspects of the Privacy Rule. For instance, a group health plan does not need to obtain the participant’s authorization prior to the use of his/her PHI for TPO Activities, but may use or share only the minimum amount of PHI needed for a particular purpose and generally may only disclose it to entities that are also...
Please call us at (312) 960-9400 if this is an error or if you have any questions.