i The Health Insurance Portability and Accountability Act of 1996 (HIPAA), was enacted on August 21, 1996. Since then the Secretary of the Department of Health & Human Services promulgated rules pursuant to HIPAA including the Privacy Rule. The Privacy Rule was created to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being. It attempts to balance the use of information (“protected health information”) by “covered entities” with privacy concerns.
The Privacy Rule protects all “individually identifiable health information” held or transmitted by a “covered entity” or its “business associate”, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI). ii
“Individually identifiable health information” is information, including demographic data, that relates to:
the individual’s past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the individual, iii
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
To be continued ….
Aaron E. Futterman, CPA, Esq. is a partner in the law firm of Futterman & Lanza, LLP with offices in Smithtown, NY and clients throughout Suffolk, Nassau, Queens, Brooklyn, Bronx, Richmond, New York, Westchester and Rockland Counties. He concentrates his practice to Elder Law, Medicaid Planning, Medicaid Applications, Estate Planning, Probate, Estate Taxes, and Estate Administration.
i This article was based in large part from information obtained from the HHS.GOV website.
ii See 45 C.F.R. § 160.103.