Most health plans and health care providers that are covered by the new Rule must comply with the new requirements by April 14, 2003.
The HIPAA Privacy Rule for the first time creates national standards to protect individuals’ medical records and other personal health information.
• It gives patients more control over their health information.
• It sets boundaries on the use and release of health records.
• It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
• It holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients’ privacy rights.
• And it strikes a balance when public responsibility supports disclosure of some forms of data – for example, to protect public health.
• For patients – it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.
• It enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.
• It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.
• It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.
• It empowers individuals to control certain uses and disclosures of their health information.