|
|
| Line 1: |
Line 1: |
| − | The Privacy Rule is an important component of the [[Health Insurance Portability and Accountability Act (HIPAA)]] of 1996. It defines the minimum Federal standards for protection of patient data by a [[Covered Entity]] for research and other purposes. It specifies who is a Covered Entity, what [[Protected Health Information (PHI)]] is, and the conditions under which PHI can be distributed.
| + | #REDIRECT [[Health Insurance Portability and Accountability Act (HIPAA)]] |
| − | | + | |
| − | In general, there are three ways that PHI can be distributed by a Covered Entity under the Privacy Rule. The first is by the creation of [[De-Identified Patient Data]]. This process theoretically removes all individually indentifying information from the patient record, allowing the data to be used to research or financial gain without the ability to link to the information back to a particular person. In reality, this has not been completely successful.
| + | |
| − | | + | |
| − | The second method is to get written permission from the patient to release their PHI.
| + | |
| − | | + | |
| − | Lastly, an Institutional Review Board (IRB) can also allow for use of PHI in specific situations for certain types of research.
| + | |
| − | | + | |
| − | | + | |
| − | == References ==
| + | |
| − | http://dataprivacylab.org/projects/identifiability/index.html
| + | |
| − | | + | |
| − | http://privacyruleandresearch.nih.gov/pdf/HIPAA_Privacy_Rule_Booklet.pdf
| + | |
| − | | + | |
| − | | + | |
| − | | + | |
| − | Submitted by Richard Altman [[Category:BMI512-WINTER-11]]
| + | |
