Module 3: Health Records, Forms, and Billing and Collections
3.3. The Health Insurance Portability and Accountability Act

HIPAA requires national standards for electronic health care transactions and national identifiers for providers, employers, and health plans. HIPAA also addresses the security and privacy of health data. Clinics that conduct health care transactions electronically are covered entities under this rule. Covered entities must implement standards to protect individually identifiable health information and guard against its misuse. Covered entities must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information. Additionally, the HIPAA Privacy Rule requires the following:

  • Patients must be notified about their privacy rights and how their information can be used.
  • Privacy procedures must be adopted and implemented.
  • Staff must be trained so that they understand privacy procedures.
  • A staff member must be designated as responsible for ensuring that privacy procedures are adopted and followed.
  • Patient records containing individually identifiable health information must be secured so that they are not readily available to those not authorized to access them.

More information about HIPAA can be found on the Web site of the U.S. Department of Health and Human Services, Office for Civil Rights (the enforcer of the HIPAA Privacy Rule) and on the American Dental Association’s (ADA’s) Web site.