HIPAA stands for the Health Insurance Portability and Accountability Act of 1996 and requires us to implement processes with respect to protected health information as well as inform individuals about how we protect their information.

All healthcare providers, health plans, payers, clearinghouses, and other entities that process health data must comply. The employee benefit plans that we offer to our employees are covered under HIPAA.

Most health plans and health care providers that are covered by the new Rule must comply with the new requirements by April 14, 2003. The HIPAA Privacy Rule for the first time creates national standards to protect individuals' medical records and other personal health information.

• It gives individuals more control over their health information.
• It sets boundaries on the use and release of health records.
• It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
• It holds violators accountable, with civil and criminal penalties that can be imposed if they violate individuals' privacy rights.
• And it strikes a balance when public responsibility supports disclosure of some forms of data - for example, to protect public health.
• For individuals - it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.
• It enables individuals to find out how their information may be used, and about certain disclosures of their information that have been made.
• It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.
• It generally gives individuals the right to examine and obtain a copy of their own health records and request corrections.
• It empowers individuals to control certain uses and disclosures of their health information.

Protected health information (PHI) is any health information or billing information that can be linked to an individual.

Essentially any information that is individually identifiable is confidential and must be protected. Confidential information includes the address, insurance information and medical information. Only when the individual has agreed, may it be used or disclosed for specific purposes. Also, removal of the individual's name does not mean the individual's identity is protected; other information such as a medical record number, a zip code or a date of birth could still be used for identification.

Privacy rights extend to demographic and billing information when it can be linked to a specific individual.

Only those people who need access for business reasons and who have been authorized to receive it.

No, unless you authorize it.

All employees, even those who do not use protected health information in their work duties. We all have an obligation to protect privacy and respond to situations that put an individual's privacy in jeopardy.

No. The Privacy Rule does not create a government database or require a physician or any other covered entity to send medical information to the Federal government for a government database or similar operation.

An authorization form is a written permission from the individual that allows use or disclosure of their PHI for purposes other than treatment, payment or health care operations.

Under HIPAA, individuals have the right to: Receive a privacy notice to inform them about how PHI will be used and disclosed; Request that uses and disclosure of PHI be restricted (covered entities are not required to always agree to restrictions); Inspect, copy and amend their medical records (individuals may be charged a reasonable fee for copying expenses); Get an accounting of the disclosure of their protected information for the past six years; and File a complaint.

No, your services or benefits are not changed in any way.

All requests must be in writing. No requests can be accepted by telephone.