Standards for Privacy of Individually Identifiable Health Information. Final Privacy Rule Preamble.. I. Background

12/28/2000

Table of Contents

§ 160.101 Statutory basis and purpose.

§ 160.102 Applicability.

§ 160.103 Definitions.

§ 160.104 Modifications.

§ 160.201 Applicability

§ 160.202 Definitions.

§ 160.203 General rule and exceptions.

§ 160.204 Process for requesting exception determinations.

§ 160.205 Duration of effectiveness of exception determinations.

§ 160.300 Applicability.

§ 160.302 Definitions.

§ 160.304 Principles for achieving compliance.

(a) Cooperation.

(b) Assistance.

§ 160.306 Complaints to the Secretary.

(a) Right to file a complaint.

(b) Requirements for filing complaints.

(c) Investigation.

§ 160.308 Compliance reviews.

§ 160.310 Responsibilities of covered entities.

(a) Provide records and compliance reports.

(b) Cooperate with complaint investigations and compliance reviews.

(c) Permit access to information.

§ 160.312 Secretarial action regarding complaints and compliance reviews.

(a) Resolution where noncompliance is indicated.

(b) Resolution when no violation is found.

§ 164.102 Statutory basis.

§ 164.104 Applicability.

§ 164.106 Relationship to other parts.

§ 164.500 Applicability.

§ 164.501 Definitions.

§ 164.502 Uses and disclosures of protected health information: general rules.

(a) Standard.

(b) Standard: minimum necessary.

(c) Standard: uses and disclosures of protected health information subject to an agreed upon restriction.

(d) Standard: uses and disclosures of de-identified protected health information.

(e) Standard: disclosures to business associates.

(f) Standard: deceased individuals.

(g) Standard: personal representatives.

(h) Standard: confidential communications.

(i) Standard: uses and disclosures consistent with notice.

(j) Standard: disclosures by whistleblowers and workforce member crime victims.

§ 164.504 Uses and disclosures: organizational requirements.

(a) Definitions.

(b) Standard: health care component.

(c) Implementation specification: application of other provisions.

(d) Standard: affiliated covered entities.

(e) Standard: business associate contracts.

(f) Standard: requirements for group health plans.

(g) Standard: requirements for a covered entity with multiple covered functions.

§ 164.506 Consent for uses or disclosures to carry out treatment, payment, or health care operations.

(a) Standard: consent requirement.

(b) Implementation specifications: general requirements.

(c) Implementation specifications: content requirements.

(d) Implementation specifications: defective consents.

(e) Standard: resolving conflicting consents and authorizations.

(f) Standard: joint consents.

§164.508 Uses and disclosures for which an authorization is required.

(a) Standard: authorizations for uses and disclosures.

(b) Implementation specifications: general requirements.

(c) Implementation specifications: core elements and requirements.

(d) Implementation specifications: authorizations requested by a covered entity for its own uses and disclosures.

(e) Implementation specifications: authorizations requested by a covered entity for disclosures by others.

(f) Implementation specifications: authorizations for uses and disclosures of protected health information created for research that includes treatment of the individual.

§ 164.510 Uses and disclosures requiring an opportunity for the individual to agree or to object.

(a) Standard: use and disclosure for facility directories.

(b) Standard: uses and disclosures for involvement in the individual's care and notification purposes.

§ 164.512 Uses and disclosures for which consent, an authorization, or opportunity to agree or object is not required.

(a) Standard: uses and disclosures required by law.

(b) Standard: uses and disclosures for public health activities.

(c) Standard: disclosures about victims of abuse, neglect or domestic violence.

(d) Standard: uses and disclosures for health oversight activities.

(e) Standard: disclosures for judicial and administrative proceedings.

(f) Standard: disclosures for law enforcement purposes.

(g) Standard: uses and disclosures about decedents.

(h) Standard: uses and disclosures for cadaveric organ, eye or tissue donation purposes.

(i) Standard: uses and disclosures for research purposes.

(j) Standard: uses and disclosures to avert a serious threat to health or safety.

(k) Standard: uses and disclosures for specialized government functions.

(l) Standard: disclosures for workers' compensation.

§ 164.514 Other requirements relating to uses and disclosures of protected health information.

(a) Standard: de-identification of protected health information.

(b) Implementation specifications: requirements for de-identification of protected health information.

(c) Implementation specifications: re-identification.

(d) Standard: minimum necessary requirements.

(e) Standard: uses and disclosures of protected health information for marketing.

(f) Standard: uses and disclosures for fundraising.

(g) Standard: uses and disclosures for underwriting and related purposes.

(h) Standard: verification requirements

§ 164.520 Notice of privacy practices for protected health information.

(a) Standard: notice of privacy practices.

(b) Implementation specifications: content of notice.

(c) Implementation specifications: provision of notice.

(d) Implementation specifications: joint notice by separate covered entities.

(e) Implementation specifications: documentation.

§ 164.522 Rights to request privacy protection for protected health information.

(a) Standard: right of an individual to request restriction of uses and disclosures.

(b) Standard: confidential communications requirements.

§ 164.524 Access of individuals to protected health information.

(a) Standard: access to protected health information.

(b) Implementation specifications: requests for access and timely action.

(c) Implementation specifications: provision of access.

(d) Implementation specifications: denial of access.

(e) Implementation specification: documentation.

§ 164.526 Amendment of protected health information.

(a) Standard: right to amend.

(b) Implementation specifications: requests for amendment and timely action.

(c) Implementation specifications: accepting the amendment.

(d) Implementation specifications: denying the amendment.

(e) Implementation specification: actions on notices of amendment.

(f) Implementation specification: documentation.

§ 164.528 Accounting of disclosures of protected health information.

(a) Standard: right to an accounting of disclosures of protected health information.

(b) Implementation specifications: content of the accounting.

(c) Implementation specifications: provision of the accounting.

(d) Implementation specification: documentation.

§ 164.530 Administrative requirements.

(a) Standard: personnel designations.

(b) Standard: training.

(c) Standard: safeguards.

(d) Standard: complaints to the covered entity.

(e) Standard: sanctions

(f) Standard: mitigation.

(g) Standard: refraining from intimidating or retaliatory acts.

(h) Standard: waiver of rights.

(i) Standard: policies and procedures.

(j) Standard: documentation.

(k) Standard: group health plans.

§ 164.532 Transition provisions.

(a) Standard: effect of prior consents and authorizations.

(b) Implementation specification: requirements for retaining effectiveness of prior consents and authorizations.

§ 164.534 Compliance dates for initial implementation of the privacy standards.

(a) Health care providers.

(b) Health plans.

(c) Health care clearinghouses.