| additional
protection, right to request (HIPAA)
HIPAA's Privacy
Rule gives individuals a right to request additional restrictions
on uses and disclosures of their protected
health information. But it is a right only to make
the request: covered entities
are not required to agree to any restriction.
If the restriction
is accepted, covered entities must abide by it except in emergency
situations where a use or disclosure is necessary to provide
treatment. Those to whom the restricted information is disclosed
must be asked not to redisclose it.
Note that such
restrictions do not apply to the broad "fourth
class" of uses and disclosures for which no consent,
authorization nor opportunity to agree or object is required:
public health; abuse,
neglect or domestic violence reporting; health
oversight; judicial or administrative proceedings; law
enforcement; research under
Privacy Board or IRB waiver;
immediate threats to public safety; national
security; government
functions; or uses and disclosures otherwise required
by law.
A covered entity
may terminate its agreement to a restriction, if the:
- individual agrees
to or requests the termination in writing;
- requests such
a termination orally (there oral declaration must still
be documented); or
- covered entity
informs the individual that it is terminating its agreement
to a restriction.
In the last case,
the termination is only effective for protected health information
created or received after the individual has been informed.
Records of restrictions
must be retained for the standard
time period.
See also:
|
