03-a-014 - HIPAA Requirements for State Agencies (March 6, 2003)
Posted on 10/21/2021 at 12:49 PM by Kansas Department of Administration
|INFORMATIONAL CIRCULAR NO. 03-A-014|
|DATE:||March 6, 2003|
|SUBJECT:||HIPAA Requirements for State Agencies|
|EFFECTIVE DATE:||April 14, 2003|
|A & R CONTACT:||Leroy Charbonneau||(785) 296-2255||(email@example.com)|
|Randy Kennedy||(785) 296-2125||(firstname.lastname@example.org)|
|Shirley Gilchrist||(785) 296-2882||(email@example.com)|
|Mark Handshy||(785) 296-7021||(firstname.lastname@example.org)|
|SUMMARY:||Health Insurance Portability and Accountability Act Privacy Rule|
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, as issued by the United States Department of Health & Human Services, limits the use and release of individually identifiable health information; gives patients the right to access their medical records; restricts most disclosure of health information to the minimum needed for the intended purpose; and establishes safeguards and restrictions regarding disclosure of records for certain public responsibilities, such as public health, research and law enforcement. Improper uses or disclosures under the rule are subject to criminal and civil sanctions prescribed in HIPAA. Compliance with the HIPAA Privacy Rule is required by April 14, 2003.
Any document that refers to an individual's individually identifiable (their name is on it) health information is subject to the Privacy Rule. We are requiring any payment vouchers subject to the HIPAA Privacy Rule to be stamped with the acronym HIPAA in 24 point (or larger) Helvetica green ink. The stamp should be in the area immediately below the payment voucher's current document number. Accounts and Reports will segregate payment vouchers stamped in this manner in a locked file cabinet.
In accordance with K.S.A. 75-3321, stamps should be obtained from the Training and Evaluation Center of Hutchinson, www.techinc.org, telephone toll free 1-(866) 663-1198, or refer to the 2003 State of Kansas Products and Services catalog. They are generally shipped within five business days of receiving the order.
A full copy of the HIPAA Privacy Rule can be found at http://www.hhs.gov/ocr/hipaa/.
Accounts and Reports employees will be required to sign confidentiality agreements forbidding them to reveal any restricted information. Each agency should develop internal controls to ensure that access to information subject to the HIPAA Privacy Rule is appropriately restricted. SRS is making HIPAA training available to state agencies. Interested agencies may access the HIPAA compliance training instructions at http://www.srskansas.org.