Policy Manual

3.15 HIPAA and Health Information

Policy

Rochester University is a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). According to the law, all RC officers, employees and agents of units within the Entity must preserve the integrity and the confidentiality of individually identifiable health information (IIHI) pertaining to each patient or client. This IIHI is protected health information (PHI) and shall be safeguarded in compliance with the requirements of the security and privacy rules and standards established under HIPAA.

Definitions

HIPAA - Health Insurance Portability and Accountability Act. A law mandating that anyone belonging to a group health insurance plan must be allowed to purchase health insurance within an interval of time beginning when the previous coverage is lost. The law protects employees, especially those with long term health conditions who may be reluctant to leave jobs because they are afraid pre-existing condition clauses will limit coverage of any such conditions under a new insurance plan, from losing health insurance due a change in employment status. The law also creates standards dealing with the privacy of health information, which helps prevent improper use of one's medical record.

PHI - Protected Health Information. HIPAA regulations define health information as "any information, whether oral or recorded in any form or medium" that

  • is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
  • relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.