Privacy
Overview of the HIPAA Privacy Regulation
The HIPAA Privacy Regulation ("Privacy Regulation") took
effect on April 14, 2001 (final modifications were published on
8/14/02). It was created to ensure the protection of a
patient’s health care information. This information is defined as
"protected health information" or "PHI." The Privacy
Regulation can be broken down into three distinct categories:
- Uses and Disclosures;
- Documentation; and
- Patient Rights.
Uses and Disclosures – Permitted uses of PHI include those
for treatment, payment and healthcare operations as defined in the
Privacy Regulation. Other uses that require specific approval from the
patient include those for certain marketing and fundraising activities.
Examples of permitted disclosures are those made to public health
agencies, regulators and law enforcement officials (limitations apply).
Documentation – Consents, notices, and authorizations have
specific meanings under the Privacy Regulation and will need to be
considered in great detail in the coming year as we move toward
compliance with the regulation. Consents are optional for routine health
care delivery purposes (known as treatment, payment and health care
operations); authorizations are needed for other uses and certain disclosures;
and a Privacy Notice outlining all of the ways in which we use PHI will
need to be made available to our patients.
Patient Rights – Several patient rights are associated with
the Privacy Regulation. Specifically, patients have the right to:
- Request copies of their records;
- Request restrictions related to use and/or disclosure of their
PHI;
- Request an amendment to their PHI; and
- Request an accounting of certain uses and disclosures of their
PHI.
Most covered entities have two years to comply with the Privacy
Regulation.