The latest chapter in the growing body of privacy regulations is designed to protect individually identifiable health information. A federal law – the Health and Insurance Portability and Accountability Act of 1996 (HIPPA) – was re-released in April 2001 and will go into effect in April 2003.

Who will be governed by these regulations? Healthcare providers – doctors, hospitals, clinics, and others – health plans, healthcare clearinghouses, and employers who sponsor self-insured health plans must all comply with the new regulations. In addition, these entities must enter into business associate agreements with outside advisors and service providers who have access to individually identifiable health information to ensure that the advisors and service providers follow appropriate safeguards to protect the privacy of the information.

What will the new regulations require? In a nutshell, the regulations prohibit the disclosure of individually identifiable health information unless appropriate patient consent is obtained or a specific exception applies. The regulations are long and complex – too complicated to summarize here.

What should you do if you are governed by these new regulations? Covered entities should begin compliance efforts now to ensure that they have the necessary safeguards in place by April 2003 to protect against unauthorized disclosure of individually identifiable health information. For instance, providers and health plans should begin using standard patient consents and authorizations now in order to minimize disruption of business.

Members of Parker, Poe’s healthcare task force have studied the regulations and are currently assisting clients in their compliance efforts. Please contact Joy Hord at (704) 335-9848 or Rogers Warner at (704) 335-9076 if you have questions about the privacy regulations or need assistance to implement your privacy plan.