Privacy Rule

From Clinfowiki
Revision as of 14:38, 27 February 2011 by Raltman (Talk | contribs)

The Privacy Rule is an important component of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. It defines the minimum Federal standards for protection of patient data by a Covered Entity for research and other purposes. It specifies who is a Covered Entity, what Protected Health Information (PHI) is, and the conditions under which PHI can be distributed.

In general, there are three ways that PHI can be distributed by a Covered Entity under the Privacy Rule. The first is by the creation of De-Identified Patient Data. This process theoretically removes all individually identifying information from the patient record, allowing the data to be used for research or financial gain without the ability to link the information back to a particular person. In reality, this has not been completely successful.

The second method is to get written permission from the patient to release their PHI.

Lastly, an Institutional Review Board (IRB) can also allow for use of PHI in specific situations for certain types of research.



Submitted by Richard Altman