|
|
|
Patient Privacy
UT Physicians respects the privacy of every patient. Patients expect that the information that they give to their health care providers will remain confidential and protected. Patients want to know what information is kept, who has access to their information, how records can be amended and errors corrected and what rights patients have with regard to their health information.
In recognition of patients’ rights and the increasingly complex flow of health information, Congress passed a federal law in 1996 that, among other things, required the Department of Health and Human Services (DHHS) to issue Privacy Standards. This law is called the Health Insurance Portability and Accountability Act of 1996 and it is commonly referred to as HIPAA.
DHHS, in turn, wrote the Standards for the Privacy of Individually Identifiable Health Information. Entities covered by the Privacy Standards, including health care providers, health care clearinghouses and health plans, were required to comply with these standards by April 14, 2003. UT Physicians is a health care provider and, therefore, is covered by HIPAA.
UT Physicians protects the privacy of patients’ Protected Health Information in compliance with applicable provisions of the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (HIPAA) and regulations promulgated
hereunder by the U.S. Department of Health and Human Services (Privacy Rule) and all other applicable privacy-related state laws, regulations and other jurisprudence which are not preempted by HIPAA.
What is protected? The Privacy Standards cover Protected Health Information (PHI). PHI is individually identifiable health information that is related to the "past, present or future physical or mental health condition" of a person. The definition of PHI excludes individually identifiable health information in education records covered by the Family Educational Right and Privacy Act (20 USC 1232g).
PHI under HIPAA means individually identifiable health information. This definition is narrowed to information created or received by a health care provider, health plan, employer or health care clearinghouse. The information that is protected includes information in oral, written or electronic form. Information relating to the provision and the payment for the provision of health care is also included in this definition.
How is the information protected? The core concept of the Privacy Standards is that patient information cannot be used by the provider or disclosed to a third party without the authorization of the patient, with a few exceptions.
 |
Treatment The Privacy Standards permit a health care provider to disclose protected health information about a patient, without the patient’s authorization, to another health care provider for that provider’s treatment of the patient.
|
|
|
Payment payment encompasses the various activities of health care providers to obtain payment or be reimbursed for their services and of a health plan to obtain premiums, to fulfill their coverage responsibilities and provide benefits under the plan and to obtain or provide reimbursement for the provision of health care.
|
|
|
Health Care Operations Health Care Operations is defined by DHHS as certain administrative, financial, legal and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment.
|
Patient’s Rights Patients have the right to:
|
|
View and obtain a copy of their clinical records.
|
|
|
Request an amendment or addendum to their clinical records.
|
|
|
An accounting of PHI disclosures.
|
|
|
Request restrictions on the uses and disclosures of their protected health information.
|
|
|
Confidential communications from their health care providers.
|
|
|
Complain to the Privacy Officer or the Department of Health and Human Services regarding the Privacy Rule.
|
|
|
Receive a Notice of Privacy Practices that describes the uses and disclosures of their PHI that may occur and also describes their rights under the Privacy Rule.
|
|
