HIPAA resources below are currently under update and review. Contact it-security@uiowa.edu with specific questions or accommodations.

Privacy Rules and HIPAA at The University of Iowa

General Information

The University of Iowa has implemented federal privacy rules aimed at providing more protection for health care information.

Congress passed legislation in 1996 known as “HIPAA”: the Health Insurance Portability and Accountability Act, which includes a number of health reform provisions. For example, one part of HIPAA helps patients transfer their health care insurance coverage when they change jobs (hence the title: “health insurance portability”). A major section of the law addresses concerns about patient privacy and the growing issue of electronic transmission of data. Across the country, there were concerns about

1) differences in state laws and the fact that there was no national standard for privacy protection of health care information;

2) the potential for health information to be shared and disclosed for commercial use without the patient’s authorization; and

3) the possibility that confidential health information could be used to discriminate against individuals with long-term chronic illnesses.

Congress directed the Department of Health and Human Services to adopt Rules to implement the privacy provisions of HIPAA. These rules (the “Privacy Rule”) have recently gone into effect.

The most visible effect of the rule will be the distribution of “privacy notices”. The rules require that “covered entities”, which include health care providers, advise clients of the uses of their health care information and the rights of the clients with regard to that information. This means that the first time a patient visits a nurse practitioner, physician, clinic, pharmacy, hospital or other provider, the patient will receive a “privacy notice”. Since insurance companies and health plans are also “covered entities”, most people will also have received a privacy notice in the mail from their health insurer.

The privacy notice, which is required by law, will describe the uses of “protected health information”, that is, what the covered entity does with the personal information that it has in its possession. As a general matter, the health care provider will use health information for purposes that include treatment, payment, and operations.

The notice will also describe the rights that each person has regarding his or her health care record. In general, each person has a right to confidentiality of protected health care information, as well as additional rights such as receiving a copy of the record, placing restrictions on who receives information about their health care, and amending the record if an error has been made. The notice also informs people how to contact the institutional privacy officers for information.

Another effect of the rules is the training requirement. University staff members whose work entails contact with patient information have undergone training in the Privacy Rule and the University’s policies and procedures.

The new rules establish a national standard for privacy protection. They give patients more assurances that safeguards are in place to protect health care information in an era when information can be transmitted widely and quickly through electronic means. Protecting the confidentiality of patient information is an element of excellent care and service and is integral to both compliance with the Privacy Rule and the mission of the university.


HIPAA - Security Regulations Compliance Requirements

Administrative and technical requirements to ensure HIPAA regulation compliance:

Resources are currently under update and review. Contact it-security@uiowa.edu with specific questions.

Relevant Laws and Regulations

Understanding Health Information Privacy:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html

Related Links

General information about the Privacy Rule:
http://www.hhs.gov/ocr/privacy/index.html

HHS press releases, fact sheets and other press materials on HIPAA and the Privacy Rule:
http://www.hhs.gov/news/

HIPAA News:
https://www.hhs.gov/hipaa/newsroom/index.html

Privacy Rule and Research:
https://www.hhs.gov/hipaa/for-professionals/special-topics/research/index.html

Staff Benefits long-form version of Privacy Notice:
https://hr.uiowa.edu/policies/privacy-practices-notice

University of Iowa Hospitals and Clinics Policies and Procedures:
https://uihc.org/patient-rights-and-responsibilities

Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide:
https://csrc.nist.gov/publications/detail/sp/800-66/rev-2/draft


Contact e-mail: compliance@healthcare.uiowa.edu
Tel: 319-384-8282
Compliance Helpline: 319-384-8190