The University of North Carolina at Chapel Hill (UNC-Chapel Hill) covered University units are committed to allowing individuals to exercise their rights under HIPAA and other applicable federal and state laws. Covered University units will take necessary steps to address an individual's request to access, inspect, and/or obtain a copy of his/her health information or to transmit a copy of his/her PHI to a third party in a timely and professional manner.
Pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), individuals have the right to request an accounting of disclosures of their Protected Health Information (PHI) made by a UNC-Chapel Hill covered health care provider in the six years prior to the request (but no earlier than April 14, 2003).
Pursuant to the Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA"), individuals have the right to request an amendment or correction to their medical information. Under specified circumstances, entities may deny the request to amend or correct an individual's medical information.
The purpose of this procedure is to define a process for individuals to file a complaint if they suspect a potential violation of their own or some other person's rights regarding the privacy of health information under the Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA").
This policy addresses access, disclosure and use of protected health information (defined below) for University research (including research in the School of Medicine, which is part of the UNC Health Care System HIPAA covered entity) in accord with the Privacy regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
UNC-Chapel Hill provides an education program ("HIPAA training") relating to the requirements of the Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA"). This HIPAA training is updated annually to reflect changes any changes in the law, and/or changes in UNC-Chapel Hill policies and procedures as these relate to HIPAA compliance.
The privacy and confidentiality of personal information, including personal health information is addressed in a variety of state and federal regulations and University of North Carolina at Chapel Hill ("UNC-Chapel Hill") policies. This policy addresses the specific privacy obligations required by the Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA").
The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA") established Federal standards for safeguarding the privacy of individually identifiable health information. HIPAA mandates rigorous compliance with the requirements for the use and/or disclosure of protected health information ("PHI").
Pursuant to the Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA"), individuals have the right to request reasonable alternative means of communications from health care providers in order to ensure confidentiality.
Pursuant to the Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information for Economic and Clinical Health Act of 2009 ("HIPAA"), individuals have the right to request restrictions to the use and disclosure of his/her Protected Health Information ("PHI") for treatment, payment and health care operations.
The University of North Carolina at Chapel Hill (The "University" or "UNC-Chapel Hill") has a responsibility to protect the privacy and security of protected health information ("PHI") that it creates, receives, accesses, maintains, uses or transmits. Inappropriate access, use, or disclosure of PHI may cause substantial harm to individuals whose information is used or disclosed, and may cause financial and reputational injury to the University.
PHI is health information created by or received from a health care provider, health plan, employer or health care clearinghouse that relates to the past, present, or future physical or mental condition of an individual, the provision of health care services to an individual, or the past, present, or future payment for the provision of health care services, and that identifies the individual.