|
|
|
|
|
UC DAVIS: Accounting & Financial Services December 13, 2002 DEANS, DIRECTORS, DEPARTMENT CHAIRS, AND CAMPUS ADMINISTRATIVE OFFICERS Re: Deadline for Standards in Privacy of Health Information The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that we define, designate, and document those entities within the University that engage in HIPAA-covered activities; implement policies and procedures with respect to Protected Health Information (PHI); and train all workforce members on those policies. The University of California is required to comply with these standards by April 14, 2003. By completing the survey located at http://dafis.ucdavis.edu/surveys/hipaa/, you will assist the Davis Campus HIPAA Point Team in determining the possible areas where PHI may be received, created, accessed, used, or disclosed. Your response will be reviewed and we will contact you to provide additional resources and training if appropriate. To meet the fast approaching deadline, please submit your survey response no later than January 15, 2003. Your input is necessary in order to ensure compliance, and therefore completion of the survey is mandatory. BACKGROUND HIPAA establishes national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addresses the security and privacy of health data. Adopting the HIPAA standards will improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in health care. Protected Health Information is defined as: (When all four conditions are met, the information is considered PHI.) 1. Information related to the past, present, or future physical or mental condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; 2. Information can be linked to an individual; 3. Information is created or received by a provider, employer, or health plan; 4. Information is stored or exchanged in any format, including written, oral or electronic. The following are excluded from PHI: 1. Education Records covered by FERPA; 2. Employment records. Examples of Protected Health Information (PHI): * A person's name, address, birth date, age, phone and fax numbers, e-mail address; * Medical records, diagnosis, x-rays, photos, prescriptions, lab work and test results; * Billing records, claim data, referral authorizations, explanation of benefits; * Certain research records. When a member of the University's workforce handles an individual's health information in the capacity of employer, the health information may not be subject to HIPAA, but may be governed by other regulations. HIPAA applies to Health Care Providers and Patient Care Providers that (1) provide health care and bill insurers; 2) are a health plan; or 3) provide business, financial, or other similar services to the University's health care providers or health plans, and as such, are therefore defined as "covered entities." Health Care Providers and Patient Care Providers are defined as those members of the University's workforce, including faculty, health care professionals, trainees, and volunteers who furnish, bill, or are paid for health care in the course and scope of their job. Health care is defined as care, services, or supplies related to the health of an individual. It includes, but is not limited to, the following: (1) Preventative, diagnostic, rehabilitation, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual or that affects the structure or function of the body; and (2) Sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription. ******* Because of the complexity of the law and the broad definition of Protected Health Information (PHI), there are no readily available lists of workforce members and entities that are subject to HIPAA. To comply by the April 2003 deadline, we must therefore do all that is reasonably possible to identify the HIPAA covered entities within our institution. If you have questions, please contact the Davis Campus HIPAA Point Team at hipaa@ucdavis.edu. J. Michael Allred Associate Vice Chancellor - Finance Chairperson, Davis Campus HIPAA Point Team 02-167
 Office of the Chancellor | Contact Information | Current Issues | Speaking Out | Staff and Organization | Philosophy of Purpose | Principles of Community | Administrative Resources Modified: 12/14/2006 12:23:01 PM Comments: |
