Background On August 21, 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted as Public Law 104-191. The act included provisions on the portability and renewal of health insurance, fraud and abuse prevention, medical liability reform, health tax regulations, group health care plan requirements, revenue balance provisions, and administrative simplification requirements. Title II, subtitle F on administrative simplification, required the Secretary of Health and Social Services to publish standards for electronic exchange, data protection and the security of health information. The regulations promulgated, known as the confidentiality rule, are found in Section 45 Code of Federal Regulations (CFR), Part 160, and Part 164, Subparts A and E. The safety standard can be found under 45 CFR Part 164, Subpart C. These provisions entered into force on 21 April 2003 and must be complied with from 21 April 2006. These regulations are available on the following website: HIPAA www.hhs.gov/ocr/privacy/hipaa/understanding/summary/ Resources Training – All Coast Guard personnel working with PSRs must complete specific training within thirty (30) business days of reporting to the Coast Guard or assigning them to a specific Coast Guard unit. Coast Guard personnel working with PHI as required by comDTINST M6000.1 (series) must complete annual HIPAA refresher training. Individuals who are more than ninety (90) days late for their annual refresher training will be reported to their direct supervisor. As described in paragraph 164.512(k), individually identifiable health information of inmates is not exempt from the definition of protected health information.

When individuals are released from correctional facilities, they have the same data protection rights that apply to all other individuals under this rule. (ii) to the extent necessary to determine global availability or availability for mandatory service abroad in accordance with sections 101(a)(4) and 504 of the Foreign Service Act; or (i) for the purposes of a required security review conducted in accordance with Orders in Council 10450 and 12968; Please note that the rule does not force or force any covered health plan or health care provider to disclose protected health information. On the contrary, two paragraphs of section 164.512(k) allow the companies concerned to disclose information for intelligence and national security activities, as well as for protective services, to the President and other persons only to authorized federal officials who carry out those activities when those agents perform functions authorized by law. The proposed rule would have empowered the agencies concerned to use and disclose protected health information on armed forces personnel only for activities deemed necessary by the competent military command authorities to ensure the smooth running of the military mission. In order for the military mission to be carried out and maintained, the military command authorities need protected health information in order to be able to make decisions regarding the medical fitness of the person to perform the assigned military tasks. The proposed rule required the Department of Defense (DoD) to publish a notice in the Federal Register listing the intended uses and disclosures of protected health information, and we have maintained this approach in the final rule. This disclosure will be used to limit command authorities` access to protected medical information to circumstances where the disclosure of protected medical information is necessary to ensure the proper conduct of the military mission. Sections 101(a)(4) and 504 of the Foreign Service Act require foreign service members to be available for operations around the world. The final rule allows disclosure to public servants who need protected health information to determine the availability of the global service. In § 164.512(k)(1)(ii), we proposed to replace the word “transport” with “internal security”. Language for a component of the Department of Transport has been included to refer to the Coast Guard; However, the Coast Guard was transferred to the Department of Homeland Security in 2003. National Security and President`s Intelligence and Protection Services and Other Comments: A number of comments objected to the Proposed “Intelligence and National Security Activities” provision of the Law Enforcement Division (§ 164.510(f)(4)), suggesting that it was too broad.

These commenters were concerned that the provision did not contain sufficient procedural safeguards to prevent the misuse of protected health information. The Central Intelligence Agency (CIA) and the Department of Defense (DoD) have also expressed concern about the scope of the provision. The authorities said that if the provision had been implemented as written, it would not have fully fulfilled its purpose of allowing the disclosure of protected medical information to officials conducting intelligence and national security activities who are not law enforcement. The CIA and the Department of Defense argued that the provision should be moved to another section of the rule, perhaps the draft § 164.510(m) on specialized classes, so that authorized intelligence and national security officials could obtain individuals` protected health information without authorization if they were legally involved in intelligence and national security activities.