The National Academies Press

Currently Skimming:

Pages 41-48

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 41... ... 41 unable to climb steps and requires a boarding chair to enter a van; and whether a rider travels with oxygen tanks.407 The transit agencies' responses to the survey concerning their handling of patrons' health information indicate that they are maintaining strict confidentiality of any patrons' health information that they receive and maintain. Read the entire page →
From page 42... ... 42 groups, marketers of non-prescription health products and foods, and some urgent care facilities.417 In some jurisdictions, state privacy law is as important as HIPAA.418 Consequently, transit agencies with health information on their patrons will want to be aware of their states' laws on the privacy and security of health information. There are "dozens" of state statutes that obligate corporations and individuals to secure health information (footnotes omitted) Read the entire page →
From page 43... ... 43 for invasion of privacy an aggrieved person must establish that there is a specific, legally protected privacy interest at issue; that the individual had a reasonable expectation of privacy; and that the invasion of privacy was "sufficiently serious in [its] nature, scope, and actual or potential impact to constitute an egregious breach of the social norms underlying the privacy right."432 In Montana, Article 2, Section 10 of the Montana Constitution establishes a right to privacy,433 a right that applies to "autonomy privacy" and "confidential informational privacy" and that includes medical records.434 To assert a claim against the state or a state actor an individual must demonstrate that he or she has a subjective or actual expectation of privacy in his or her medical records and that society accepts that expectation as a reasonable one.435 Although none involved HIPAA, several cases were located for this digest in which plaintiffs brought a claim for invasion of privacy under a state constitutional provision. Read the entire page →
From page 44... ... 44 to find a claim for damages for an invasion of privacy under the Indiana constitution.446 As for one of Rhoades' privacy claims based on a state statute, the court held that the statute did not create a private right of action.447 C State Statutory Protection of the Privacy of Health Information In some situations, although state laws on health privacy vary considerably, a state statute may apply when HIPAA or another other federal law does not.448 However, as one expert observes, there is an increased demand for health care information from secondary users for purposes that are not really related to health care. Read the entire page →
From page 45... ... 45 dential prescription information, sued for alleged violations of the Pennsylvania Unfair Trade Practices and Consumer Protection Law (UTPCPL) , as well as for invasion of privacy and unjust enrichment. Read the entire page →
From page 46... ... 46 substantiality of the intrusion on the employee's privacy resulting from the disclosure."477 Second, the court applied a de minimis test. MGH has a substantial interest in furthering research and supporting inventions which have the potential to benefit both the hospital and its patients. Read the entire page →
From page 47... ... 47 must insure that the statutory requirements are met to prevent access to or the dissemination of personal data.488 Under the statute a holder of personal data is an agency that collects, uses, maintains or disseminates personal data or any person or entity which contracts or has an arrangement with an agency whereby it holds personal data as [a] part or as a result of performing a governmental or public function or purpose. Read the entire page →
From page 48... ... 48 includes at least 29 instances when health care entities may or shall disclose health records including when required "by other provisions of state law…."501 Unlike HIPAA, some state statutes allow an individual to bring a civil action against a person who intentionally and unlawfully discloses a person's health information.502 As in Texas, some of the statutes are broad enough to apply to downstream recipients of health information such as transit and other agencies. For example, in Maine the enforcement provision follows the section establishing the state's confidential policies that apply to health care practitioners and health care facilities.503 Maine's law states in part that "[a] Read the entire page →

From page 41...

... 41 unable to climb steps and requires a boarding chair to enter a van; and whether a rider travels with oxygen tanks.407 The transit agencies' responses to the survey concerning their handling of patrons' health information indicate that they are maintaining strict confidentiality of any patrons' health information that they receive and maintain.

Read the entire page →

From page 42...

... 42 groups, marketers of non-prescription health products and foods, and some urgent care facilities.417 In some jurisdictions, state privacy law is as important as HIPAA.418 Consequently, transit agencies with health information on their patrons will want to be aware of their states' laws on the privacy and security of health information. There are "dozens" of state statutes that obligate corporations and individuals to secure health information (footnotes omitted)

Read the entire page →

From page 43...

... 43 for invasion of privacy an aggrieved person must establish that there is a specific, legally protected privacy interest at issue; that the individual had a reasonable expectation of privacy; and that the invasion of privacy was "sufficiently serious in [its] nature, scope, and actual or potential impact to constitute an egregious breach of the social norms underlying the privacy right."432 In Montana, Article 2, Section 10 of the Montana Constitution establishes a right to privacy,433 a right that applies to "autonomy privacy" and "confidential informational privacy" and that includes medical records.434 To assert a claim against the state or a state actor an individual must demonstrate that he or she has a subjective or actual expectation of privacy in his or her medical records and that society accepts that expectation as a reasonable one.435 Although none involved HIPAA, several cases were located for this digest in which plaintiffs brought a claim for invasion of privacy under a state constitutional provision.

Read the entire page →

From page 44...

... 44 to find a claim for damages for an invasion of privacy under the Indiana constitution.446 As for one of Rhoades' privacy claims based on a state statute, the court held that the statute did not create a private right of action.447 C State Statutory Protection of the Privacy of Health Information In some situations, although state laws on health privacy vary considerably, a state statute may apply when HIPAA or another other federal law does not.448 However, as one expert observes, there is an increased demand for health care information from secondary users for purposes that are not really related to health care.

Read the entire page →

From page 45...

... 45 dential prescription information, sued for alleged violations of the Pennsylvania Unfair Trade Practices and Consumer Protection Law (UTPCPL) , as well as for invasion of privacy and unjust enrichment.

Read the entire page →

From page 46...

... 46 substantiality of the intrusion on the employee's privacy resulting from the disclosure."477 Second, the court applied a de minimis test. MGH has a substantial interest in furthering research and supporting inventions which have the potential to benefit both the hospital and its patients.

Read the entire page →

From page 47...

... 47 must insure that the statutory requirements are met to prevent access to or the dissemination of personal data.488 Under the statute a holder of personal data is an agency that collects, uses, maintains or disseminates personal data or any person or entity which contracts or has an arrangement with an agency whereby it holds personal data as [a] part or as a result of performing a governmental or public function or purpose.

Read the entire page →

From page 48...

... 48 includes at least 29 instances when health care entities may or shall disclose health records including when required "by other provisions of state law…."501 Unlike HIPAA, some state statutes allow an individual to bring a civil action against a person who intentionally and unlawfully discloses a person's health information.502 As in Texas, some of the statutes are broad enough to apply to downstream recipients of health information such as transit and other agencies. For example, in Maine the enforcement provision follows the section establishing the state's confidential policies that apply to health care practitioners and health care facilities.503 Maine's law states in part that "[a]

Read the entire page →

Key Terms

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.