Table of Contents

Acknowledgments ix

About the Author xi

Part I Health Insurance Portability and Accountability Act of 1996 (HIPAA) 1

Chapter 1 HIPAA-Background and Overview of the Law 3

Background 3

Congressional Intent 5

HIPAA Regulations 7

Goals of HIPAA 7

Time Line for Enactment and Compliance with HIPAA 8

Administrative Simplification Provisions 10

Chapter 2 The Privacy Rule 17

Notice of Privacy Practices 19

Patient Consent Form 19

Patient Authorization Form 20

What Patients Can and Cannot Do under HIPAA 21

Right to Request Accounting 21

Right to Request Restrictions of Some Disclosures 22

Health-care Providers and Business Associates-HIPAA Partnership 22

Chapter 3 Security Standards 25

Compliance 26

Good-Faith Standard 27

Penalties for Noncompliance 27

Sending PHI in an E-mail or via the Internet 28

Security Rules and At-Home Employees 29

Certification of Security Standards 29

Security Rule Applies to Electronic PHI Only 29

Physical Safeguards 30

Minimum Operating System Requirements for the Personal Computer Systems Used by a Covered Entity 30

Electronic or Digital Signature 30

Chapter 4 Demystifying HIPAA 31

Definitions 31 Part II HIPAA and State Law Preemption 35

Chapter 5 Preemption Statute -Definition 37

Chapter 6 State Responses to HIPAA 43

Where Lawyers Come In 43

Quicksand, Quagmire, or Quantum Leap? 44

Written Authorizations 44

Request for Accounting 46

Decedents 47

Costs for Copies 49

Records Retention 53

Statute of Limitations 53

Authorized Representatives 54

Medical Information 56

Chapter 7 Breaking It Down State by State 59

Right to Sue 60

Alabama 60

Alaska 61

Arizona 63

Arkansas65

California 65

Colorado 67

Connecticut 67

Delaware 69

District of Columbia 70

Florida 71

Georgia 73

Hawaii 74

Idaho 75

Illinois 76

Indiana 77

Iowa 78

Kansas 79

Kentucky 80

Louisiana 80

Maine 81

Maryland 83

Massachusetts 84

Michigan 84

Minnesota 86

Mississippi 86

Missouri 88

Montana 90

Nebraska 91

Nevada 92

New Hampshire 93

New Jersey 94

New Mexico 95

New York 97

North Carolina 99

North Dakota 100

Ohio 101

Oklahoma 102

Oregon 103

Pennsylvania 105

Rhode Island 106

South Carolina 109

South Dakota 110

Tennessee 111

Texas 112

Utah 114

Vermont 116

Virginia 118

Washington 119

West Virginia 120

Wisconsin 121

Wyoming 123

Part III What a General Practitioner Should Know 127

Chapter 8 Where Lawyers Come In 129

Getting Information 136

HIPAA Privilege and Elements of a "Qualified Protective Order" 139

Chapter 9 Specific Areas of Interest 143

HIPAA and Government Agencies 143

HIPAA and Psychiatric Records 144

HIPAA and Defense Counsel 145

HIPAA and Probate Law 146

HIPAA and Employment Law 147

Chapter 10 Conclusion 153

Part IV Appendixes 155

Appendix 1 HIPAA Forms 157

1 Authorization for Release of Medical Records 158

2 Authorization to Release Medical Information (Short Form) 160

3 Authorization to Release Medical Information (Long Form) 164

4 Authorizaton to Inspect and Release Health Information (Personal Injury Cases) 169

5 Doctor's Authorization to Release PHI 171

6 Order to Compel Release of Medical Records 173

7 Subpoena Duces Tecum to Produce Hospital Records 174

8 Protective Order 175

9 Order on Motion to Quash Subpoena Duces Tecum 176

10 Videotape Protective Order 179

11 Order Appointing Attorney Ad Litem 180

12 Order Appointing Guardian Ad Litem 181

13 Durable Power of Attorney for Healthcare with HIPAA Provision 182

14 Medical Power of Attorney with HIPAA Provision 184

15 Model HIPAA Privacy Notice 193

16 Request and Consent for Disclosure of PHI 199

17 HIPAA Business Associate-Oriented Agreement 202

18 Amendment to an Agreement between a Covered Entity and a Business Associate with HIPAA Provision 210

19 Plan/Employer-Oriented Business Associate Agreement 219

Appendix 2 American Recovery and Reinvestment Act of 2009 245

Appendix 3 HIPAA Security and Privacy Regulations 281

Index 427