Starting in April 2003, patients will be granted unprecedented protection over the privacy of their medical records with the implementation of the Health Information Portability and Accountability Act.
The act guarantees patients access to their medical records, giving them more control over how their protected health information is used and disclosed and providing a clear avenue of recourse if their medical privacy is compromised, says the Department of Health and Human Services.
The act targets what is known as covered entities — health plans, healthcare providers, and healthcare clearinghouses — requiring that they comply with rules to protect medical records and other protected health information, known as PHI.
HHS will seek to obtain voluntary compliance by organizations. However, the repercussions for covered entities that flout or fail to adhere to the law can be severe — with civil penalties of $100 per violation, up to $25,000 per person, per year for each requirement or prohibition violated. Criminal penalties are up to $50,000 and one year in prison for obtaining or disclosing protected health information; up to $100,000 and up to five years in prison for obtaining…
The Relationship Between Covered Entities and Business Associates
What the Law Means and Who Will Enforce It
Experts on this Topic
Stephen W. Bernstein. Co-Chair, McDermott, Will & Emery’s HIPAA Practice Group, Boston; McDermott, Will & Emery is an international law firm. For more information, visit mwe.com.
Alexander J. Brittin. Principal Member, the Brittin Law Group PLLC, Washington, D.C.; Brittin Law Group specializes in healthcare and government contract counseling and litigation. For more information, visit brittinlaw.com.
Cheryl Camin. Associate, Gardere Wynne Sewell LLP, Dallas; Gardere Wynne Sewell provides legal advice, counsel, and strategic direction. For more information, visit gardere.com.
Richard M. Campanelli, J.D. Director, Office for Civil Rights, Department of Health and Human Services, Washington, D.C.; HHS, through OCR, promotes and ensures that people have equal access to and opportunity to participate in and receive services in all HHS programs without facing unlawful discrimination. For more information, visit hhs.gov/ocr/hipaa.
Brian Jensen. Senior Consultant, Watson Wyatt Worldwide, Chicago; Watson Wyatt is a global consulting firm focused on human capital and financial management. For more information, visit watsonwyatt.com.
Herb Larsen. VP, Product Management, Quovadx Inc., Englewood, Colo.; Quovadx provides end-to-end total business infrastructure and integration solutions. For more information, visit quovadx.com.
John Mack. President, VirSci Corp., Newtown, Pa.; VirSci provides pharmaceutical and other healthcare clients with privacy, HIPAA, and e-health best practice intelligence. For more information, visit virsci.com.
Sue Milam, Ph.D. Director, Client Services, MyDocOnline Inc., Round Rock, Texas.; MyDocOnline, a subsidiary of Aventis Pharmaceuticals, provides customized Internet applications that enable physician practices to improve overall efficiency while enhancing patient-physician interaction. For more
information, visit mydoconline.com.
Uday O. Ali Pabrai. CEO, the HIPAA Academy, Clive, Iowa; HIPAA Academy delivers solutions to assist organizations with their HIPAA initiatives. For more information, visit hipaaacademy.net.