In response to growing concerns about keeping health information private, Congress passed the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The legislation includes a privacy rule that creates national standards to protect individuals' personal health information. Most health-care providers in the country are required to implement these standards by April 14, 2003.

The Health Insurance Portability and Accountability Act, or HIPAA, requires health care professionals to protect privacy and create standards for electronic transfers of health data. The Office for Civil Rights at the Department of Health and Human Services will enforce the regulations and impose penalties on institutions that do not make a good-faith effort on privacy and security.

HIPAA came about because of the public's concern about how health care information is used. HIPAA gives patients more control over their own health information. Duke Health Enterprise (DHE) is taking steps to provide you, our patient, with these patient rights , which include the right:

• To inspect and obtain a copy of your health information.
• To request that Duke Health Enterprise (DHE) amend health information in your records.
• To receive an accounting of certain disclosures we have made of your health information.
• To request that we restrict the use and disclosure of your health information.
• To request how and where we may contact you about medical matters.
• To receive a written notice of how we may use your health information.

HIPAA requires health care providers like DHE to follow certain rules to protect the privacy of patients' health information. For instance, DHE employees are not allowed to access information on patients unless they need the information to perform their jobs. Employees have received training on how to protect patient information, whether that information is spoken, on paper, or kept in a computer.

The Duke Health Enterprise is participating in this effort along with the majority of other health-care providers in the United States. Compliance with the HIPAA privacy rule is important to continuing our tradition of patient confidentiality.

At Duke, patients have a right to privacy! If you have a question about HIPAA or wish to report a privacy concern, please call 1-800-688-1867.

The Four Focus Areas of HIPAA

• Electronic Data Interchange (EDI)
• Security and Electronic Signature
• Patient Record Privacy
• Standard Identifiers
  
  • Employer
  • Provider
  • Plan
  • Patient

Useful Links

• Duke University Medical Center IRB Web site, with information about HIPAA regulations for researchers
• United States Department of Health & Human Services Web site
• American Hospital Association Web site