Posts

Showing posts with the label covered entity

Not to be outdone Alabama is the final state to pass a Data Protection Bill

Right on the heels of South Dakota, which passed its data protection bill in February of this year, Alabama is the 50th and final state to pass a data protection bill. Alabama SB 318 was passed this month. The codification of state data protection laws began in 2003 with California. To date all remaining states have followed suit. SB 318 seemingly incorporates the Health Insurance Portability and Accountability Act's (HIPAA) terminology and some application.

Class of protected: The statute applies to individuals residing within the state.

Individuals' rights: Individuals are afforded protection from the breach, which is defined as the unauthorized acquisition of personally identifiable information (PII). PII is also referred to as personal data in some jurisdictions.

Data Protected: The statute outlines the type of PII that is protected under the statute as “electronic data” that can be any of the following: Identification number (military, driver’s...

Common Privacy Terms

Controller – any person or entity that determines the purpose of data.

Processor – any person or entity that processes data for the controller.

Personally Identifiable Information (PII) – information that can be reasonably linked to an individual, using persistent identifiers.

Personal Data (EU term) – data related to an identifiable natural person, who can be identified (directly or indirectly) by reference to an identifier: ID#, location data, physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Encryption – turning data into an unreadable cipher text (ibid.). This is usually done with the use of an encryption key, which specifies how the message is to be encoded.

Breach (Data Breach) – unauthorized and sometimes unlawful access and/or acquisition of PII.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

PHI (Protected Health Information) – identifiable health information including demographic data...

Health Insurance Portability and Accountability Act (HIPAA): Notice of Privacy Practices

HIPAA regulations are made up of two main parts: the Privacy (HIPAA) rights of individuals related to their Protected Health Information (PHI) and the Security (HITECH) of the healthcare information held by Covered Entities. The Privacy Rule requires covered entities to provide individuals with a copy of their notice of privacy practices at the first visit/date of service. Covered Entities must be able to prove that patients received these notices; thus they generally require individuals to sign a document called "receipt of notices of privacy practices." These notices must contain information on the covered entity's use and disclosures of the PHI. For example, there should be a statement that the PHI will be used consistent with payment of claims, treatment of the individual and for business operations (quality control, auditing or internal monitoring). In addition, the notice should contain information on instances when a signed release w...