HIPAA, Privacy & Confidentiality
- Privacy refers to the right of an individual to keep his or her health information private.
- Confidentiality refers to the duty of anyone entrusted with health information to keep that information private.
Health Insurance Portability and Accountability Act of 1996
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule seeks to protect individually identifiable health information from uses and disclosures that may unnecessarily compromise a person’s privacy. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities, but balances that protection with permitting the disclosure of personal health information needed for patient care and other important purposes.
The Privacy Rule applies to health plans, health care clearinghouses, and any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of Health and Human Services has adopted standards under HIPAA (defined as “covered entities”). Many organizations that use, collect, access, and disclose individually identifiable health information will not be covered entities under the rule, and thus will not have to comply with the Privacy Rule. In the realm of emergency response, HIPAA can create an environment in which aging services providers and other organizations may have concerns about sharing the names of older adults who might require assistance. Local and state agencies and organizations should understand how HIPAA may impact planning and response efforts.
Guidance Memorandum to Administration on Aging
Only covered entities are subject to HIPAA’s controls. Organizations must first determine whether they qualify as a covered entity under the Rule. The U.S. Department of Health and Human Services released a guidance memo (PDF, 177K) explaining that programs operating under the Older Americans Act do not meet the criteria for a covered entity as a health plan, but may meet the criteria for a health care provider, and may collect the type of personal health information covered under the Rule. Some aging programs, therefore, may be subject to HIPAA’s privacy rules.
Disclosures for Emergency Preparedness
The U.S. Department of Health and Human Services has created a decision tool to assist entities in determining how the Privacy Rule applies to certain disclosures within the realm of emergency preparedness, planning, and response.
- Understanding Health Information Privacy, U.S. Department of Health and Human Services