University of Mississippi Medical Center
School of Medicine
Health Insurance Portability and Accountability Act
(HIPAA)
It is the policy of UMMC to meet all the applicable requirements of the Standards for Privacy of Individually Identifiable Health Information (referred to as privacy regulations) set forth in the Health Insurance Portability and Accountability Act (HIPAA) of 1996, 45 CFR Parts 160 and 164.
As such, UMMC has developed and implemented a UMMC Notice of Privacy Practices, implemented administrative policies and procedures as applicable to ensure compliance, and designated certain persons for particular responsibilities as required by the privacy regulations.
Notice of Privacy Practice (NPP) – The UMMC NPP allows our patients and other interested individuals to know how we use and disclose health information for various purposes. The NPP will be made available as required by the privacy regulations.
Administrative Policies and Procedures – UMMC has created new administrative policies and procedures and revised current policies and procedures as applicable to ensure that health information is used and disclosed in a manner compliant with the privacy regulations and that patients’ rights, afforded to them by the privacy regulations, are met.
Uses and disclosures of health information - With some exceptions, the privacy regulations require UMMC to obtain authorization from the patient prior to using and disclosing their health information. Some exceptions to the authorization requirement include but are not limited to:
Uses and disclosures for treatment of the patient;
Uses and disclosures for payment purposes;
Uses and disclosures for healthcare operations of UMMC; and
Uses and disclosures that UMMC is required to make by law.
Patient’s rights
The privacy regulations grant certain rights to patients. As such, UMMC policy allows
patients to exercise their right with regards to their health information. Some of these
rights include but are not limited to:
The right to obtain a copy of the UMMC Notice of Privacy Practice (NPP);
The right to access and obtain a copy of his/her health information;
The right to request amendments to his/her health information;
The right to request restrictions on the use and disclosure of his/her health
information when such use or disclosure is for treatment, payment and healthcare
operations;
The right to an accounting of disclosures;
The right to agree or object to being included in the facility directory;
The right to confidential communications; and
The right to revoke a prior authorization.
Designated Responsibilities
In compliance with the privacy regulations, UMMC has designated the following
persons/departments to assume certain responsibilities:
- UMMC Privacy Officer – Assistant Director of Compliance
- The UMMC Office of Compliance - Responsible for receiving and investigating reports of privacy violations and for answering questions concerning the UMMC NPP
- The Department of Risk Management – Review of requests for amendments to a patient’s health information
- Hospital Medical Director and Health Information Services responsible for receiving and processing requests for access made by hospital patients to
their health information.
For More Information on HIPPA please see the following link:
http://uhc.umc.edu/intranet/hipaa.html
