HEALTH CARE REFORM - HIPAA   

       The Privacy of health care information will be better protected as a result of new federal regulations that become effective April 14, 2003.  

       These regulations are part of the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA, which was enacted in 1996 to promote portability of health insurance for workers who lose their jobs. (Public Law, 104-191)      

      HIPAA also was enacted to promote accountability by protecting the integrity, privacy, and availability of health information. This accountability objective is addressed specifically by these four new regulations:

a. Privacy Standards Regulation -Creates a new national standard for privacy of health information

b. Security Standards Regulation -Creates a new national standard for the administrative, technical, and physical safety of health information

c. National Identifiers - Creates national numbers to identify employers, health plans, and health care providers in their transactions

d. Electronic Data Transactions Standards and Code Sets - Implements a uniform set of codes and forms for the health care industry.

      The Privacy Standards Regulation cites the following statistic from the American Health Information Management Association to underscore the need for protection: “an average of 150 people, ‘from nursing staff to x-ray technicians, to billing clerks’ have access to a patient’s medical records during the course of a typical hospitalization.” 

      The privacy regulation blends state laws and federal law by requiring new safeguards for the use and disclosure of health information.  It applies to health care providers, health plans, and health care clearinghouses, if they qualify as covered entities.  Individuals also are provided new rights such as access to their medical records, accounting for disclosures of their health care information, and filing complaints without retaliation.  Also, covered health care providers  must post and provide a Notice of Privacy Practices  to their patients.  Noncompliance is serious and can result in civil fines and criminal penalties, including imprisonment.

    The new Privacy Standards Regulation does not apply to all health information.  Health information contained in employment records or in student records is excluded from this regulation.

    The University's HIPAA Task Force assisted the John Morrison White Clinic at USC Lancaster, the USC Speech and Hearing Center in Columbia, and the USC Pharmacy at the Thomson Student Health Center with their compliance efforts.

  For more information, see the HIPAA website of the Office for Civil Rights, U.S. Department of Health & Human Services: http://www.hhs.gov/ocr/hipaa/