(A) The HIPAA Privacy Rule (Standards for Privacy of Individually Identifiable Health Information) provides national standards for protecting the privacy of health information. The privacy rule regulates how certain entities, called covered entities, use and disclose certain individually identifiable health information, called protected health information (PHI). PHI is individually identifiable health information that is transmitted or maintained in any form or medium (such as, electronic, paper, or oral), but excludes certain educational records and employment records.
(B) The protected health information privacy rule protects certain information that covered entities use and disclose. This information is called protected health information (PHI), which is generally individually identifiable health information that is transmitted by, or maintained in, electronic media or any other form or medium. information must relate to:
(1) The past, present, or future physical or mental health, or condition of an individual;
(2) Provision of health care to an individual; or
(3) Payment for the provision of health care to an individual.
(C) If the information identifies or provides a reasonable basis to believe it can be used to identify an individual, it is considered individually identifiable health information.
(D) The town will maintain the employee’s health and medical records in accordance with the requirements of HIPAA.