A Dialogue With The Federal Office of Civil Rights

Caduceus with First-aid Kit
Below is a conversation between Lorraine Mazurek, CEO of Your Solutions Now, LLC and Emily from the Federal Office of Civil Rights regarding PMCs/PRCs and HIPAA compliance.

Lorraine’s Question: If a state legislature expands their definition of a “covered entity” for their state do these “entities” need to comply with Federal HIPAA?

Emily’s Answer: If within the state’s rules and regulations the state says a “covered entity” must comply with HIPAA rules and regulations, then yes, such entities will need to comply with Federal HIPAA rules and regulations.

If the state’s rules and regulations do NOT state the “entity” needs to comply with Federal HIPAA, then the “entity” will be required to follow the privacy and security regulations the state has put in place, not Federal HIPAA.

Emily also stated that the word HIPAA is used for the Federal rules and regulations but is also used as the “tag line” for all privacy and security rules and regulations with regard to Private Health Information. However this can be misleading as the Federal and State definitions may differ.

Lorraine’s Question:  If the state’s definition of a “covered entity” is expanded where it would include Pregnancy Resource Centers but the state’s definition of Private Health Information (PHI) points to only the Federal HIPAA definition of Private Health Information (PHI) would Pregnancy Resource Centers have to comply with the privacy and security rules and regulations of that state?

Emily’s Answer: No, a pregnancy resource center would not since they are not considered health care providers.

Lorraine’s Question: But if that same states DOES expand the definition of Private Health Information (PHI) and does NOT point to the Federal HIPAA definition of Private Health Information (PHI) could the Pregnancy Resource Center need to comply with the privacy and security rules and regulations of that state?

Emily’s Answer: Depending on what that state’s definition said would determine that.

Emily also stated:

  • Each state has expanded the privacy and security of PHI and the Office of Civil Rights (OCR) does not keep track of it, it is up to us to be knowledgeable.
  • If there was a complaint regarding privacy or security of PHI, the complaint would be submitted to the state OCR or Department of Health or Medical Board, depending on each state. The Federal OCR would not get involved.
  • HIPAA (state level) is always changing based on many reasons so it is important to be aware of what is going on within each state.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: