A Federal law, known as "HIPAA" (the Health Insurance Portability and Accountability Act of 1996) requires health care providers to implement a comprehensive approach to protect the privacy of personal health information (PHI).

Privacy Rule:

The Privacy Rule regulates the use and distribution of identifiable health information and gives individuals the right to determine and restrict access to their health information. Compliance with HIPAA's privacy regulations will be required beginning April 14, 2003. Substantial penalties, both civil and criminal, may be imposed for non-compliance.

Security Rule:

The HIPAA Security Rule mandates that reasonable and appropriate technical, physical, and administrative safeguards be implemented with electronic identifiable health information. We must ensure the confidentiality, integrity, and availability of all electronic protected health information we create, receive, maintain or transmit. Compliance date for the Security Rule is October 16, 2003.

Transactions and Codes:

HIPAA requires DHHS to adopt standards to facilitate Electronic Data Interchange (EDI). HIPAA transaction standards apply to any health care provider that transmits any health information in electronic form.

Information about the ACT can be found at http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html.

HOW DOES HIPAA IMPACT UND and the SMHS?

HIPAA has impact on UND and the SMHS in several ways. Patient/client records, human subject research records, and marketing demographics contain personal health information as identified in the HIPAA privacy regulation.

Responsible for our HIPAA compliance is Joshua Wynne, M.D.,M.B.A.,M.P.H., Vice President for Health Affairs and Dean, and all compliance aspects coordinated by HIPAA Institutional Compliance Officer. For additional information or assistance, contact HIPAA Compliance Office at 701-777-2515.