HIPAA established national standards to protect personal health information.
The Code of Federal Regulations (CFR) is the codification of administrative law published in the Federal Register. The Office of the Federal Register (OFR) is an agency of the National Archives and Records Administration (NARA). Fifty permanent rules and regulations are codified to represent broad areas of law regulated by the federal government. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy regulations establishes national standards to protect individuals' personal health information and medical records.
Standards
The HIPAA Privacy Rule of 1996 required the Secretary of Health and Human Services to adopt standards from among those already approved by private standards developing organizations to address the security of electronic health information systems, certain electronic health transactions and other protected health information. Protected Health Information includes claims, enrollment, eligibility, payment and coordination of benefits.
Mandate
The HIPAA Privacy Rule established a specified timetable on providers and health plans for compliance. The Privacy Rule mandated that health plans and providers use the specified standards for electronic transactions 24 months after they were adopted.
Privacy
The Privacy Rule required the Secretary of the DHHS to recommend privacy standards for health information to Congress within 12 months after enactment. The Proposed Privacy Rule was submitted to Congress on Nov. 3, 1999. After numerous modification attempts, the Final Privacy Rule was enacted April 4, 2002.
Pre-emption of State Law
The HIPAA Privacy Rule takes precedence over state laws unless the Secretary of HHS determines that the state law should be upheld. Such state laws might be to prevent fraud and abuse, ensure appropriate state regulation of insurance, health plans or controlled substances. Where state laws impose more stringent privacy regulations than those issued by the Secretary, state laws are in force. HIPAA does not limit the state's ability to require health plan audits or reports.
Penalties
Certain violations of the HIPAA Privacy Rule 45 are punishable by civil money penalties and prison.
Tags: Privacy Rule, HIPAA Privacy, HIPAA Privacy Rule, state laws, health information