Hi, Rahul. The Privacy Rule is a detailed regulation but it works on the basis of a fundamental principle: every use and disclosure of protected health information requires either written authorization or, in the case of certain specific uses and disclosures, prior notice to the individual that such a use or disclosure may be made.
There are two exceptions to this rule: certain very limited disclosures to the sponsor of a group health plan are permitted without either written authorization or prior notice; and prisoners aren't entitled to prior notice. Everything else requires either written consent or prior notice. Prior notice is given through a Notice of Privacy Practices (NPP). The uses and disclosures that are specifically permitted under an NPP are of three types: 1) uses and disclosures for TPO (treatment, payment or health care operations), 2) 12 uses and disclosures required by law or social policy, and 3) 4 notifications of certain information about an individual that may be made to family, friends, religious ministers, and disaster relief agencies so long as an individual who is able to consent to the notifications, has consented. TPO is an important exception to the written authorization requirement. This exception will permit your hospital to undertake its treatment activities, and also its payment and health care operations, without stumbling over the need to have a written authorization for everything that it does. Your hospital, however, will need to cover its TPO uses in its NPP in order to make use of this exception to written authorization. It will need to post its NPP prominently on its premises, provide a copy of it to anyone who asks for it, and deliver it automatically as of the first delivery of service after April 14, 2003 (except in the case of emergency treatment). The uses and disclosures that require a written authorization are everything else, including: 1) the two uses and disclosures that specifically require a written authorization under the Privacy Rule (namely, use and disclosure of psychotherapy notes and of protected health information for marketing purposes), 2) uses and disclosures that would be permitted under the principle of prior notice but for the fact that a covered entity left them out of its NPP, and 3) any use or disclosure that is not specifically exempt from the written authorization requirement (i.e., any use or disclosure that is outside TPO, the 12 uses and disclosure required by law or social policy, and the 4 notifications that may be made with consent (which may be oral)). State law is kind of a wild card in this mix. State law controls if it is more stringent that the Privacy Rule. State law also controls in certain specific situations, including reports of child abuse. That means that sometimes State law controls even if it is less stringent than the Privacy Rule (which will often be the case where child abuse is concerned). Your hospital will need to comply with the Privacy Rule by April 14, 2003. It's a big job, but it is doable. The first thing your hospital should probably do is designate a Privacy Officer and give that individual the responsibility for locating some tools to use for implementing the Privacy Rule in your specific situation--i.e., things like administrative and security checklists, written policies and procedures, forms, and some kind of training program for the staff of your hospital. (It sounds like you may be that person. Like I say, it's a big job, but it's doable. You'll just have to start now.) Your hospital also has a separate area of compliance that it will need to think about. That has to do with electronic data interchange (EDI). Rules on exchanging protected health information electronically are also part of HIPAA. If your hospital got an extension on its compliance date for EDI, it should have until October 16, 2003 to comply with the EDI rules. Good luck. > I am working for a small hospital in arkansa. > > I would like to know in what cases of Uses/Disclosures, besides for > Marketing Communications and research, are individuals authorizations > required. > > Thanks > rahul > > > > _________________________________________________________________ > MSN 8 helps eliminate e-mail viruses. Get 2 months FREE* > http://join.msn.com/?page=features/virus > > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org > --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org