Here you will find a brief overview of the federal legislation known as HIPAA for those individuals who receive care from a Johns Hopkins health care provider, who are members of a Johns Hopkins health plan, or who participate in a Johns Hopkins research project.
- What does “HIPAA” stand for?
- Who must comply with HIPAA?
- What does HIPAA do?
- How is Johns Hopkins ensuring compliance with HIPAA?
- What does this mean for Johns Hopkins and you?
- Exercising Your Privacy Rights
- What do you do if you have any questions or would like further information?
- Notice of Privacy Practices
“HIPAA” is the acronym for the federal legislation titled Health Insurance Portability andAccountability Act of 1996.
HIPAA is applicable to:
- Health Care Providers (who transmit electronic transactions covered by the HIPAA regulations)
- Health Plans (self insured/insured, HMOs, health insurance companies, employer health plans, and similar arrangements)
- Health Care Clearinghouses
Those who must comply with HIPAA are considered “covered entities.”
Without question, HIPAA is complex and has many components, but basically it addresses 3 major areas:
- Privacy – provides new rules in regard to how an individual’s health information may be used and disclosed by covered entities.
- Transaction and Code Sets – requires the use of standard transaction formats and code sets when an individual’s financial health information is transmitted electronically by a covered entity for purposes of payment, coverage determinations, eligibility determinations, and similar business matters.
- Security – requires covered entities to have specific security measures in place to protect an individual’s health information that is sent or stored electronically.
Johns Hopkins has created a HIPAA Office, within the Johns Hopkins’ Health System Legal Department, to assure that Johns Hopkins is in compliance with HIPAA regulations.
Through the HIPAA Office, Johns Hopkins has, among other things:
- Appointed a Privacy Officer and a Chief Information Security Officer
- Trained (and continues to train) its workforce
- Developed policies and procedures to implement HIPAA requirements
- Developed HIPAA compliant forms to help implement HIPAA
- Developed, and made available, Notices of Privacy Practices
The privacy and security components to HIPAA provide broad reaching protections for your individually identifiable health information. The transaction and code sets component to HIPAA requires conformity to precise rules in the electronic transmission of your financial health information.
Some of the rights that patients and plan members gain under HIPAA include:
- The right to receive a written Johns Hopkins Notice of Privacy Practices (see links below)
- The right to review and get a copy of health and billing information
- The right to ask that their health and billing information be amended
- The right to ask for restrictions in the use of their health and billing information
- The right to ask for confidential communications
- The right to find out, in some circumstances, who outside of Johns Hopkins has been given an individual’s health information since April 14, 2003
- The right to file a complaint with Johns Hopkins or with the US Department of Health and Human Services’ Office for Civil Rights if they feel their privacy rights have been violated
(See the appropriate Notice of Privacy Practice below for a more thorough discussion of these rights.)
If you would like to obtain an appropriate request form to (1) inspect and/or receive a copy of your health information, (2) request a restriction on the use of disclosure of your health information, (3) request confidential communications, or (4) request a disclosure of your health information, or for other questions, please contact the medical records department (sometimes referred to as health information services or something similar) at your Johns Hopkins health care provider or the plan administrator at your Johns Hopkins EHP health plan. Some of those key numbers include:
- for Johns Hopkins Hospital: 410-955-5226
- for Bayview Medical Center: 410-550-0688
- for Howard County General Hospital: 410-740-7953
- for Johns Hopkins Community Physicians: 410-338-3480
- for Johns Hopkins Home Care Group: 410-288-8174
- for Johns Hopkins HealthCare/Employee Health Programs: 410-424-4450
- for Uniformed Services Family Health Plan at Johns Hopkins: 410-424-4528
- for Priority Partners Managed Care Organization:
If you would like to (1) request an amendment to your health information, (2) request an accounting of disclosures of your health information, or (3) raise a privacy complaint, please contact the Johns Hopkins Privacy Officer as specified below.
Johns Hopkins Privacy Officer
5801 Smith Avenue
McAuley Hall, Suite 310
Baltimore, MD 21209
Below are the Notice of Privacy Practices for Johns Hopkins Health Care Providers and for various Johns Hopkins Health Plans: (Note: You will need Acrobat Reader to view some of these files.)