Privacy, the second area of HIPAA-AS, had a compliance deadline of April 14, 2003. Among other things, this rule:

• limits the use and release of individually identifiable health information;
• gives patients the right to access individually identifiable health care information in the hands of a covered entity, to which the law applies;
• restricts disclosure of individually identifiable health care information to the minimum necessary amount needed for the intended purpose; and
• establishes safeguards and restrictions on access to records for certain public responsibilities.

HIPAA-AS calls for a thorough review of your policies and procedures on protected health information (PHI), as well as privacy and security standards for internal and external transactions that transmit individually identifiable health care information.

"Small" health plans, defined as those with fewer than $5 million in gross annual receipts, have an additional year (to April 14, 2004) to comply.

BCBST has written policies and procedures that ensures the internal protection of our members oral, written, and electronic information. Click the link below for more information regarding our Notice of Privacy Practices.

• Notice of Privacy Practices 
• HIPAA Request Forms