HIPAA privacy regulations clarified: let calm prevail.

: The Health Insurance Portability and Accountability Act (HIPAA) privacy regulations are now in full effect. Enforcement regulations have been published. Physicians, like other Covered Entities, must come to grips with the practical applications and implications of the regulations in their day-to-day practice operations. Despite reams of prefatory guidance from the Department of Health and Human Services (HHS) and additional guidance from its Office for Civil Rights (OCR) in the form of responses to Frequently Asked Questions, the regulations leave much to interpretation (see http://www.hhs.gov/ocr/index.html). Many attorneys and consultants have raised general alarms about the dire complexity and impact of the privacy rules. These are unnecessary hysterics. Fortunately, for physician practices, most privacy issues can be dealt with by adopting appropriate common sense policies and procedures. This article identifies some common conundrums and issues physician practices are likely to encounter in implementing the regulations and offers practical guidance for addressing them.