Sentences with phrase «from other covered entities»
Not exact matches
-- For a covered entity described in section 700 (13)(J), 1 emission allowance for each ton of carbon dioxide equivalent of greenhouse gas that would be emitted from the combustion of the natural gas, and any other gas meeting the specifications for commingling with natural gas for purposes of delivery, that such entity delivered during the previous calendar year to customers that are not covered entities, assuming no capture and sequestration of that greenhouse gas.
https://www.congress.gov/
-- An employer, public accommodation, or other entity covered under this Act shall not be excused from compliance with the requirements of this Act because of any failure to receive technical assistance under this section, including any failure in the development or dissemination of any technical assistance manual authorized by this section.
In the event an insurer receives from a covered person a valid order of protection against the policyholder or other person covered under the policy then the insurer is prohibited, for the duration of the order, from disclosing to the policyholder or other person the address (including street, mailing or email addresses) and telephone number of the insured, or of any person or entity providing covered services to the insured.
«(C) for a natural gas local distribution company described in paragraph (13)(J), greenhouse gases that would be emitted from the combustion of the natural gas, and any other gas meeting the specifications for commingling with natural gas for purposes of delivery, that such entity delivered during that calendar year to customers that are not covered entities, assuming no capture and sequestration of that greenhouse gas.
[3] The Greenhouse House Gas Protocol categorizes direct and indirect emissions into three broad scopes: Scope 1: All direct GHG emissions; Scope 2: Indirect GHG emissions from consumption of purchased electricity, heat or steam; and Scope 3: Other indirect emissions, such as the extraction and production of purchased materials and fuels, transport - related activities in vehicles not owned or controlled by the reporting entity, electricity - related activities (e.g. T&D losses) not covered in Scope 2, outsourced activities, waste disposal, etc..
This bill would, in addition, prohibit an employer or other covered entity from making a nonjob - related injury to, or expressing any limitation, specification, or limitation based upon a person's familial status, as defined.
In response to stakeholder concern that the current requirements for sharing patient records covered by Part 2 deter patients from participating in HIEs, ACOs, and other similar organizations, SAMHSA proposes that the «to whom» section of the consent disclosure form could include a more generalized description of entities that would be permitted to receive patient information.
The regulation does not specify the form that the program must take, but requires that it be «designed to perform the following core cybersecurity functions:» (1) identify internal and external cyber risks by, at a minimum, identifying the Nonpublic Information stored on the Covered Entity's Information Systems, the sensitivity of such Nonpublic Information, and how and by whom such Nonpublic Information may be accessed; (2) use defensive infrastructure and the implementation of policies and procedures to protect the company's Information Systems and the Nonpublic Information stored on those Information Systems, from unauthorized access, use or other malicious acts; (3) detect Cybersecurity Events - which are defined broadly to include «any act or attempt, successful or unsuccessful, to gain unauthorized access to, disrupt or misuse an Information System or information stored on an Information System;» (4) respond to identified or detected Cybersecurity Events to mitigate any negative effects; (5) recover from Cybersecurity Events and restore normal operations and services; and (6) fulfill all regulatory reporting obligations.
We expressed the hope that covered entities, their business partners, and others would make greater use of de-identified health information than they do today, when it is sufficient for the purpose, and that such practice would reduce the burden and the confidentiality concerns that result from the use of individually identifiable health information for some of these purposes.
Others argued that covering all individually identifiable health information would eliminate any disincentives for covered entities to convert from paper to computerized record systems.
Other commenters maintained that section 1179 of the Act means that the Act's privacy requirements do not apply to the request for, or the use or disclosure of, information by a covered entity with respect to payment: (a) For transferring receivables; (b) for auditing; (c) in connection with --(i) a customer dispute; or (ii) an inquiry from or to a customer; (d) in a communication to a customer of the entity regarding the customer's transactions payment card, account, check, or electronic funds transfer; (e) for reporting to consumer reporting agencies; or (f) for complying with: (i) a civil or criminal subpoena; or (ii) a federal or state law regulating the entity.
Similarly, we recognize that a covered entity may wish to rely upon a consent, authorization, or other express legal permission obtained from an individual prior to the applicable compliance date of this regulation that specifically permits the covered entity to use or disclose individually identifiable health information for activities other than to carry out treatment, payment, or health care operations.
We proposed to prohibit covered entities from conditioning treatment or payment on authorization for the use or disclosure of any other protected health information (see proposed § 164.508 (a)(2)(iii)-RRB-.
Other commenters were concerned that the rule would prevent a covered entity from using or disclosing protected health information in otherwise lawful and legitimate ways because of an intentional or inadvertent omission from its published notice.
Other than as described below, § 164.508 (b)(3) prohibits a covered entity from acting on an authorization required under this rule that is combined with any other document, including any other written legal permission from the indiviOther than as described below, § 164.508 (b)(3) prohibits a covered entity from acting on an authorization required under this rule that is combined with any other document, including any other written legal permission from the indiviother document, including any other written legal permission from the indiviother written legal permission from the individual.
Comment: We received several comments suggesting that some covered entities should be exempted from the notice requirement or permitted to combine notices with other covered entities.
The process by which a covered entity seeks agreement from an individual to use or disclose protected health information for other purposes, or to authorize another covered entity to disclose protected health information to the requesting covered entity, are termed «authorizations» and the provisions relating to them are found in § 164.508.
If the disclosure is pursuant to a satisfactory assurance from the party seeking the disclosure, at least a good faith attempt has been made to notify the individual in writing of the disclosure before it is made or the parties have sought a qualified protective order that prohibits them from using or disclosing the protected health information for any purpose other than the litigation or proceeding for which the information was requested and that the information will be returned to the covered entity or destroyed at the end of the litigation or the proceeding.
We permit a covered entity to use or disclose protected health information for other lawful purposes if the entity obtains a written «authorization» from the individual, consistent with the provisions of § 164.508.
Thus, in the final rule we provide that a covered entity may disclose protected health information in response to a subpoena, discovery request or other lawful process that is not accompanied by a court order if it receives satisfactory assurance from the party seeking the request that the requesting party has made a good faith attempt to provide written notice to the individual that includes sufficient information about the litigation or proceeding to permit the individual to raise an objection to the court or administrative tribunal and that the time for the individual to raise objections has elapsed (and that none were filed or all have been resolved).
Response: Employers are not covered entities under HIPAA, so we can not prohibit them under this rule from undertaking these or other activities with respect to health information.
This paragraph also stated that the Secretary would maintain the confidentiality of protected health information she collected and prohibit covered entities from taking retaliatory action against individuals for filing complaints or for other activities.
Notwithstanding other sections of this subpart, the following provisions apply to use or disclosure by a covered entity of protected health information pursuant to a consent, authorization, or other express legal permission obtained from an individual permitting the use or disclosure of protected health information, if the consent, authorization, or other express legal permission was obtained from an individual before the applicable compliance date of this subpart and does not comply with § § 164.506 or 164.508 of this subpart.
Section 164.512 (k) of the final rule states that while individuals are in a correctional facility or in the lawful custody of a law enforcement official, covered entities (for example, the prison's clinic) can use or disclose protected health information about these individuals without authorization to the correctional facility or the law enforcement official having custody as necessary for: (1) The provision of health care to such individuals; (2) the health and safety of such individual or other inmates; (3) the health and safety of the officers of employees of or others at the correctional institution; and (4) the health and safety of such individuals and officers or other persons responsible for the transporting of inmates or their transfer from one institution or facility to another; (5) law enforcement on the premises of the correctional institution; and (6) the administration and maintenance of the safety, security, and good order of the correctional institution.
Second, with respect to abuse of persons other than children, we allow covered entities to refuse to treat a person as an individual's personal representative if the covered entity believes that the individual has been subjected to domestic violence, abuse, or neglect from the person.
We also permit covered entities to seek authorization from the individual for another covered entity's use or disclosure of protected health information for these purposes, including if the covered entity is required to do so by other law.
In order to fall within this definition of clearinghouse, the covered entity must perform the clearinghouse function on health information received from some other entity.
We proposed to prohibit covered entities from implementing a change to an information policy or procedure described in the notice until the notice was updated to reflect the change, unless a compelling reason existed to make a use or disclosure or take other action that the notice would not have permitted.
We believe covered entities will rarely be faced with conflicts between consents and other written legal permission from the individual for uses and disclosures to carry out treatment, payment, and health care operations.
We realize that a covered entity may wish to rely upon a consent, authorization, or other express legal permission obtained from an individual prior to the compliance date of this regulation which permits the use or disclosure of individually identifiable health information for activities that come within treatment, payment, or health care operations (as defined in § 164.501), but that do not meet the requirements for consents set forth in § 164.506.
(4) If, after the applicable compliance date of this subpart, a covered entity agrees to a restriction requested by an individual under § 164.522 (a), a subsequent use or disclosure of Start Printed Page 82829protected health information that is subject to the restriction based on a consent, authorization, or other express legal permission obtained from an individual as given effect by paragraph (b) of this section, must comply with such restriction.
We remove «other distinguishing characteristic» from the list of items that may be disclosed for the location and identification purposes described in this paragraph, and instead allow covered entities to disclose only a description of distinguishing physical characteristics, such as scars and tattoos, height, weight, gender, race, hair and eye color, and the presence or absence of facial hair such as a beard or moustache.
If a covered entity obtained a consent, authorization, or other express legal permission from the individual who is the subject of the research, it would be able to rely upon that consent, authorization, or permission, consistent with any limitations it expressed, to use or disclose the protected health information it created or received prior to or after the compliance date of this regulation.
(2) A covered entity may attempt to resolve a conflict between a consent and an authorization or other written legal permission from the individual described in paragraph (e)(1) of this section by:
In the proposed rule, we defined designated record set as «a group of records under the control of a covered entity from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual and which is used by the covered entity to make decisions about the individual.»
The intent of this provision is to permit covered entities that participate in research to bind themselves to a more limited scope of uses and disclosures for all or identified subsets of research information generated from research that involves the delivery of treatment than it may apply to other protected health information.
We do not attempt to directly regulate employers or other plan sponsors, but pursuant to our authority to regulate health plans, we place restrictions on the flow of information from covered entities to non-covered entities.
One commenter expressed concern that even though proposed § 164.510 (i) would have permitted covered entities to disclose certain information to financial institutions for banking and payment processes, it did not state clearly that financial institutions and other entities described in section 1179 are exempt from the rule's requirements.
In § 164.512 (e) of the final rule, we permit covered entities to disclose protected health information in a judicial or administrative proceeding if the request for such protected health information is made through or pursuant to an order from a court or administrative tribunal or in response to a subpoena or discovery request from, or other lawful process by a party to the proceeding.
In the final rule we address the issue of differentiating health plan, covered health care provider and health care clearinghouse activities from other functions carried out by a single legal entity in paragraphs (a)- (c) of § 164.504.
(2) If the consent, authorization, or other express legal permission obtained from an individual specifically permits a use or disclosure for a purpose other than to carry out treatment, payment, or health care operations, the covered entity may, with respect to protected health information that it created or received before the applicable compliance date of this subpart and to which the consent, authorization, or other express legal permission obtained from an individual applies, make such use or disclosure, provided that:
If a covered entity conditions any of these services on obtaining an authorization from the individual, as permitted in § 164.508 (b)(4) and described below, the covered entity must not combine the authorization with any other document.
If another federal law prohibits a covered entity from using or disclosing information that is also protected health information, but the privacy regulation permits the use or disclosure, a covered entity will need to comply with the other federal law and not use or disclose the information.
We intend this to be a permissible activity for covered entities: we do not require covered entities to undertake these efforts in response to a subpoena, discovery request, or similar process (other than an order from a court or administrative tribunal).
(1) If a covered entity has obtained a consent under this section and receives any other authorization or written legal permission from the individual for a disclosure of protected health information to carry out treatment, payment, or health care operations, the covered entity may disclose such protected health information only in accordance with the more restrictive consent, authorization, or other written legal permission from the individual.
(1) If the consent, authorization, or other express legal permission obtained from an individual permits a use or disclosure for purposes of carrying out treatment, payment, or health care operations, the covered entity may, with respect to protected health information that it created or received before the applicable compliance date of this subpart and to which the consent, authorization, or other express legal permission obtained from an individual applies, use or disclose such information for purposes of carrying out treatment, payment, or health care operations, provided that:
(ii) The covered entity complies with all limitations placed by the consent, authorization, or other express legal permission obtained from an individual.
While this approach could remove from the covered entity the burden of decision - making about actions that need to be taken, we believe that other factors outweighed this potential benefit.
The covered entity is also prohibited from disclosing the mechanism for re-identification, such as tables, algorithms, or other tools that could be used to link the code with the subject of the information.
We also proposed to prohibit covered entities from requiring individuals to sign authorizations for uses and disclosures of protected health information for treatment, payment, and health care operations, unless required by other applicable law.