HIPAA - The Privacy Rule
|
What is HIPAA?
|
| The Health Insurance Portability and Accountability Act (HIPAA) went into effect on April 14, 2003 to: |
- insure the portability of insurance coverage as employees moved from job to job
- increase accountability and decrease fraud and abuse in healthcare; and
- improve the efficiency of the health care payment process, while at the same time protecting a patient's privacy.
|
|
HIPAA applies to "Covered Entities," defined by the Privacy Rule as:
|
- a health care provider that conducts certain transactions in electronic form,
- a health care clearinghouse,
- a health plan, or
- a business associate (person or organization) performing a function on behalf of the Covered Entity for which access to protected health information is needed.
|
Because Case Western Reserve University (Case) has at least one department that provides health care services and electronically transmits health information, it is considered a Covered Entity.
Case as a "hybrid entity"
Since the primary function of Case is not to provide health care, Case is permitted to designate itself as a "hybrid entity," which allows it to apply the Privacy Rule only to those parts of Case that, if standing alone, would be a Covered Entity. As a hybrid entity, Case must designate its "health care components," which includes departments that provide support for health care components.
Health Care Components at Case are:
Case School of Dental Medicine
Case School of Dental Medicine Faculty Practice Plan
Case Student Self-Insured Health Plan
Case Optional Dependent Medical Plan
Case Employee Health Plan
Required Training for Employees of Health Care Components
Current members of the designated health care components at Case must complete the mandatory privacy and security training program. Failure to complete this training will result in disciplinary action.
For more information on how to access your department's required training, please contact:
Dentistry:
Benjamin Schechter
216-368-3882
benjamin.schechter@case.edu
Human Resources:
Denise Rowell
216-368-5000
denise.rowell@case.edu
Case Policies and Procedures for HIPAA
For more information about how Case meets HIPAA requirements, go to the University Policies and Procedures for HIPAA. Navigate the PDF document by clicking on the "Bookmarks" tab on the left to view the table of contents.
HIPAA and Research
A researcher who obtains protected health information (PHI) from a Covered Entity (whether at Case, University Hospitals of Cleveland, The MetroHealth System, The Louis Stokes Cleveland Veterans Affairs Medical Center, The Cleveland Clinic or from some other Covered Entity) or creates new PHI through the Covered Entity will need to comply with the Privacy Rule. Case and its affiliated hospitals empower their IRBs to act as Privacy Boards on behalf of each Covered Entity. For example, the MetroHealth IRB also acts as MetroHealth's Privacy Board for research purposes.
For more information on how to meet each institution's HIPAA requirements please click on the link for the appropriate IRB below:
Case Social and Behavioral IRB
Case Cancer IRB
MetroHealth Medical System
University Hospitals of Cleveland
Louis Stokes Cleveland VA Medical Center
The Cleveland Clinic
Other Resources on HIPAA
NIH Privacy Rule and Research
DHHS Office for Civil Rights: Government HIPAA Office
Office for Civil Rights HIPAA Guidance: Research Section Provides Good FAQs
**Case Informational HIPAA Presentation
**(Please note that viewing this presentation WILL NOT satisfy your HIPAA training
requirement. It is for informational purposes only. Please see above contacts for
information on completing mandatory HIPAA training.)
Case HIPAA Contacts
|
