The Health Insurance Portability and Accountability Act (HIPAA), also known as the “Privacy Rule” (effective April 14, 2003), established minimum Federal standards for safeguarding the privacy of individual’s identifiable health information. The law generally prohibits health care providers such as health care practitioners, hospitals, nursing facilities and clinics from using or disclosing “protected health information” without written authorization from the individual.

“Protected Health Information” (PHI) is any identifiable health information relating to the individual’s past, present or future physical or mental health condition or payment for health care. When health information is individually identifiable and is held by a “covered entity” (under the Privacy Rule a covered entity is defined as: a health plan, a health care clearinghouse, or a health care provider who transmits health information in electronic form in connection with a transaction for which HHS has adopted a standard) it is likely to be protected health information.

HIPAA requires all faculty, staff and other USC employees, as well as students, volunteers, agents and certain other individuals who have access to patient health information through USC providers, to complete an online course on PHI.

Information regarding the most recent version of the Privacy Rule – Health Information Technology for Economic and Clinical Health (HITECH Act), may be found at:  http://www.hhs.gov/about/news/2013/01/17/new-rule-protects-patient-privacy-secures-health-information.html

HIPAA Resources