return to list

Health Insurance Portability and Accountability Act Privacy Rules Will Not Be Delayed Beyond Deadline

According to a statement issued on April 12, 2001, by Department of Health and Human Services Secretary Tommy G. Thompson, "President Bush wants strong patient privacy protections put in place now." As a result, the Health Insurance Portability and Accountability Act (HIPAA) privacy rules will not be delayed beyond the April 14, 2001 deadline. The privacy regulation had originally been released on December 28, 2000 with an effective date originally scheduled for February. Implementation was subsequently delayed until April 14.

Thompson assured the health care community that he will oversee necessary modifications that will include, but not be limited to,

  • Parents will have access to information about the health and well-being of their children;
  • Patient care will be delivered in a timely and efficient manner. Requisite consent forms will not compromise patient care.
  • Physicians and hospitals will have access to whatever necessary medical information is needed about a patient in order to provide whatever care is needed.

Patient Rights: Consent and Authorization Requirements Under HIPAA

Providers must obtain consent for the use of protected health information when it involves:

  • treatment;
  • payment; and
  • health care operations. Health care operations include, but are not limited to the following: compliance programs, case management, credentialing, Quality Assurance (QA), accreditation, peer review, customer service, training, referrals to other health care providers or facilities and audits.

Providers do not need to obtain consent for the use of protected health information when it involves:

  • an indirect treatment relationship;
  • emergencies;
  • an impossibility of obtaining consent where consent is inferred.

Consent requirements that must all be satisfied in order for consent to be effective:

  • reference must be made to a notice of privacy practices;
  • plain language;
  • patient must be informed about the potential uses of the protected health information;
  • the consent must be separate from the privacy notice;
  • the patient must be told that he/she has the right to request restrictions on the use of the protected health information;
  • the consent must be signed and dated;
  • the patient must be able to revoke the consent.

Valid authorization requirements which must be met when the use or disclosure of protected health information is not covered by a consent:

  • the protected health information must be described in a specific and meaningful manner;
  • the name of the person authorized to make the requested disclosure must be identified on the authorization;
  • the name of the person authorized to receive the disclosure must be identified on the authorization;
  • the patient must be able to revoke the consent;
  • a warning must be included that indicates that the information disclosed may be subject to redisclosure and may not be protected under HIPAA;
  • any remuneration to the provider must be disclosed;
  • the patient has the right to refuse to authorize the disclosure of protected health information;
  • the authorization must have an expiration date, be signed and be dated.

For more information, please Call or E-mail



return to top   return to list