HIPAA Privacy Rules | The HIPAA Law Explained
Overview: The first-ever federal privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals, and other health care providers took effect on April 14, 2003. Developed by the Department of Health and Human Services (HHS), these new standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. They represent a uniform, federal floor of privacy protections for consumers across the country. State laws providing additional protections to consumers are not affected by this new rule.
Congress called on HHS to issue patient privacy protections as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA included provisions designed to encourage electronic transactions and also required new safeguards to protect the security and confidentiality of health information. The final regulation covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions (e.g., enrollment, billing and eligibility verification) electronically.
The new privacy regulations ensure a national floor of privacy protections for patients by limiting the ways that health plans, pharmacies, hospitals and other covered entities can use patients' personal medical information. The regulations protect medical records and other individually identifiable health information, whether it is on paper, in computers, or communicated orally. Key provisions of these new standards include:
The privacy rule requires health plans, pharmacies, doctors, and other covered entities to establish policies and procedures to protect the confidentiality of protected health information about their patients. These requirements are flexible and scalable to allow different covered entities to implement them as appropriate for their businesses or practices. Covered entities must provide all the protections for patients cited above, such as providing a notice of their privacy practices and limiting the use and disclosure of information as required under the rule. In addition, covered entities must take some additional steps to protect patient privacy:
HHS' Office for Civil Rights (OCR) oversees and enforces the new federal privacy regulations. Led by OCR, HHS has issued extensive guidance and technical assistance materials to make it as easy as possible for covered entities to comply with the new requirements. Key elements of OCR's outreach and enforcement efforts include:
***This information is intended to be general and informational in nature, and is not intended to provide you with legal, medical, tax, financial planning or other professional advice.
The Charlotte-Mecklenburg School District website (WWW.CMS.K12.NC.US) is in the process of
being updated to ensure compliance with Section 504 of the Rehabilitation Act and Title II of the Americans with Disabilities Act.
In the interim, any website accessibility concerns may be brought via the following, Email:
or Call: 980.343.0115.