Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
I. Introduction, 3 II. HIPAA, the HITECH Amendments to HIPAA, and HHSâs Final Rule, 5 III. HIPAAâs Application to Covered Entities, 6 IV. HIPAAâs Application to Business Associates of Covered Entities, 8 A. Definition of a Business Associate, 8 B. Uses and Disclosures of PHI by Business Associates, 9 C. Requirements for a Business Associate Agreement, 10 V. Applicability of HIPAA to Subcontractors, 11 VI. Application of HIPAA to Hybrid Entities, 11 VII. HIPAAâs Definition of Protected Health Information, 13 VIII. HIPAAâs Privacy and Security Rules, 14 A. Introduction, 14 B. The Privacy Rule, 14 C. The Security Rule, 17 D. De-Identified Information, 19 IX. Whether HIPAA Applies to Transit Agencies, 20 A. Introduction, 20 B. Health Information Provided by or Authorized by Patrons, 20 C. Effect of HIPAA on Coordinated Transportation Services Programs, 22 D. Whether Transit Service Is a Business Associate Function Under HIPAA, 26 E. Whether Transit Agencies Must Provide a Privacy Notice, 28 X. Disclosure of Protected Health Information When Required by Law, 29 A. Subpoenas and Discovery Requests, 29 B. FOIA Requests, 30 XI. HIPAA Preemption of Contrary State Laws that Are Less Stringent than HIPAA, 31 XII. The Enforcement Rule: Civil and Criminal Penalties Under HIPAA, 33 A. Introduction, 33 B. Complaints and Civil Penalties, 34 C. Criminal Penalties, 35 XIII. Judicial Claims for Health Privacy Violations, 35 A. Section 1983 Claims for Wrongful Disclosure of Health Information, 35 B. No Private Right of Action for a HIPAA Violation, 37 CONTENTS XIV. Commentatorsâ Views of HIPAA, 38 XV. Applicability of Other Federal Laws, 39 A. Americans with Disabilities Act and the Rehabilitation Act of 1973, 39 B. Other Federal Privacy Laws, 41 C. Resolving Conflicts Between HIPAA and Other Federal Laws, 41 XVI. State Laws Applicable to the Privacy of Health Information, 41 A. Introduction, 41 B. State Constitutions and the Privacy of Health Information, 42 C. State Statutory Protection of the Privacy of Health Information, 44 D. State Laws Limiting Further Disclosure of Health Information, 46 E. Security of Health Information Under State Privacy Laws, 48 F. State Privacy Laws Applicable to State and Local Agencies, 49 G. State Public Records Disclosure Laws, 49 XVII. Civil Actions at Common Law for Health Privacy Violations, 49 A. Tort Actions Under State Common Law, 49 B. Invasion of Privacy, 50 C. Other Common Law Tort Actions, 52 D. Breach of Contract Claims for Health Privacy Violations, 53 E. Defenses Asserted by Defendants, 54 XVIII. HIPAA and Transit Registries or Databases for Emergency Planning and Operations, 54 XIX. Industry Practices and Standards Applicable to Transit Agencies Having Health Information on Patrons, 56 Conclusion, 56 Appendix A: Federal Privacy Laws Other than HIPAA, 58 Appendix B: Affordable Care Act, 26 U.S.C. Section 5000Aâ Requirement to Maintain Minimum Essential Coverage, 66 Appendix C: Business Associate Agreements, Guides, Notices, Policies, Practices, and Procedures Provided by Transit Agencies, 72 Appendix D: Survey Questions to Transit Agencies, 226 Appendix E: Summary of Transit Agenciesâ Responses to Survey, 232 Appendix F: List of Transit Agencies Responding to Survey, 241