|
Fundraising Under HIPAA —The Privacy Rule— From Stuart R. Smith, FAHP - Chair Background In 1996, Congress recognized the need for national patient privacy standards and, as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), set a three-year deadline for it to enact such protections. HIPAA also required that, if Congress did not meet this deadline, the Department of Health and Human Services (HHS) was to adopt health information privacy protections via regulation based upon certain specific parameters included in HIPAA. Congress did not enact health privacy legislation. HHS proposed federal privacy standards in 1999 and, after reviewing and considering more than 52,000 public comments on them, published final standards in December 2000 (the “2000 Final Rule”). In March 2001, HHS Secretary Thompson requested additional public input and received more than 11,000 comments, which helped to shape the improvements proposed in March 2002. On August 9, 2002, HHS Secretary Thompson issued the comprehensive federal regulation. The final Privacy Rule was published in the Federal Register on August 14, 2002 (the “2002 Final Rule”) and it takes effect April 14, 2003. The privacy rule is part of a set of standards required under HIPAA's “administrative simplification” provisions. The privacy rule is available online at http://www.hhs.gov/ocr/hipaa/. Most covered entities have until April 14, 2003, to comply with the patient privacy rule; under the law, certain small health plans have until April 14, 2004 to comply.
|