The Standards for Privacy of Individually Identifiable Health Information (HIPAA Privacy Rule) were established by the Department of Health and Human Services to insure a minimum standard of protection for an individual's protected health information. The Privacy Rule requires that health care providers, health insurance companies, and clearinghouses take certain precautions to insure the confidentiality of the information in their possession. These precautions include:
- Using only the minimum necessary information to perform a task.
- Requiring protection of privacy language in all contracts which require protected health information to be exchanged with the contractor.
- Requiring a patient's specific written authorization for the release of psychotherapy notes.
- Providing the patient with an opportunity to opt out of being listed in the hospital's patient directory.
- Providing the patient with a Notice of Privacy Practices.
- Providing the patient with an accounting of the disclosures of their protected health information.
- Allowing the patient to specify an alternate method of contacting him or her.
- Allowing the patient to review their protected health information and amend it if it is found not to be accurate or complete.
- Allowing the patient to request additional restrictions on the use of their protected health information.
- Training all employees in patient privacy protection.
- Appointing a Privacy Official to oversee the institution's privacy program. Click here for information about LSU Health Sciences Center New Orleans' Privacy Officer.
The Privacy does not place any restrictions on the following types of disclosures:
- Disclosures for treatment purposes.
- Disclosures to oversight organizations such as DHHS.
If you have any questions regarding the Privacy Rule, please contact the Privacy Officer.