In 1996 the U.S. Congress passed a law requiring uniform federal privacy protections for individually identifiable health information. This law is called the Health Insurance Portability and Accountability Act of 1996, commonly referred to as HIPAA. Copies of the HIPAA Privacy Rule, as well as helpful explanatory materials, may be found at the HHS Office of Civil Rights website.
Under HIPAA, a “Public Health Authority” refers to an agency or authority of the United States, a State or territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is responsible for public health matters as part of its official mandate. The ICR is considered a Public Health Authority because the Iowa Administrative Code (IAC) mandates our duties.
The Registry has developed and implemented formal policies, procedures and best practices that will safeguard the integrity, confidentiality, and availability of its data. These cover the conduct of personnel with regard to patient data as well as the protection of physical computer systems, buildings and equipment from fire, environmental hazards or intrusion. Processes have been put in place to guard against unauthorized access to data that are transmitted over the communications network.