Your Rights |
| Sitemap |
Letters to Editor
USPS Expands on Disclosures Permitted under
the Federal Register of April 29, 2005, the USPS expanded on the
disclosures permitted under the Privacy Act. Some examples are:
"Arguably relevant records may be disclosed to a bar association or
similar Federal, state, or local licensing or regulatory authority
that relate to possible disciplinary action." (If postal attorneys,
EAP counselors and other licensed professionals in the USPS were
exempt from disciplinary action as some claim, there would be no
reason for this rule.)
"Records about an individual may be disclosed to a congressional
office in response to an inquiry from the congressional office made
at the prompting of that individual." (This reverses a court
ruling. Employees should be careful when opening this Pandora's
box. A Congressional office could make their records public.)
"Reference copies of discipline or adverse actions. These are kept
for historical purposes and are not to be used for decisions about
the employee. The retention of these records may not exceed ten
years beyond the employee's separation date. The records are
maintained longer if the employee is rehired during the 10-year
period. They may not be maintained in
the employee's OPF but must be maintained in a separate file by
"Reference copies of all discipline or adverse actions: Letters of
warning; notices of removal, suspension, reduction in grade or pay;
and letters of decisions; and documents relating to these actions.
These are used only to refute inaccurate statements by witnesses
before a judicial or administrative body. They may not be maintained
in the employee's OPF but must be maintained in a separate file by
This will surprise some! Disciplinary records are maintained in LR
computers until 10 years AFTER separation. Previously, the time
limit was 10 years.
A tactic of some LR advocates in a hearing is to ask a person,
especially a grievant, if they have ever been disciplined. If the
person says no or leaves something out, prior disciplinary actions
going back as far as 1975 are introduced to impeach the person's
memory and/or credibility. For that reason employees should SAVE
their disciplinary files FOREVER, however
minor. They may be needed for rebuttal 30 years later.
Let me give you an example. Last year a clerk called me
frantically. He had transferred to another post office, got in
trouble for fighting, and was issued a Notice of Removal. Although
no previous incidents were mentioned in the Notice of Removal, Labor
Relations cited a prior one-week suspension for fighting that was
about 15 years old! I sent proof from my steward files that his
prior discipline had been reduced to a LOW. As a result his
termination was reduced to a suspension.
Disciplinary records are maintained in LR computers until 10 years
after separation. This is true even if the employee thinks the
disciplinary records have been expunged. LR records are easily
retrieved now that they are stored electronically. Employees should
be forewarned and advised to save their own files until separation
USPS updates Privacy Act record systems |
Federal Register Notice9pt>9pt>
Eight-Digit Identification Numbers
To Replace Social Security Numbers-The Postal Service
started using eight-digit employee identification numbers in
replacement of Social Security numbers on employee records effective
Pay Period 14-03 (July 3, 2003) . Absent any business-related need
for the Social Security number, the employee identification number
will replace the Social Security number in all postal systems,
beginning with the Time and Attendance System (TACS).In a meeting on
June 12, 2003 the Postal Service explained that it wants to remove
Social Security numbers from any documents or reports that are
available on the work-room floor to help protect employees from
identity theft. Social Security numbers will continue to be part
of payroll information because the USPS must report the numbers to
the Internal Revenue Service. With the substitution of employee
identification numbers, however, Social Security numbers will
gradually become less visible on printed material. (APWU)
Doe, Buck, et al. v. Chao, Elaine ( Labor Secretary)
JUSTICE SOUTER delivered the opinion of
the Court. The United States is subject to a cause of action
for the benefit of at least some individuals adversely affected by a
federal agency’s violation of the Privacy Act of 1974. The question
before us is whether plaintiffs must prove some actual damages to
qualify for a minimum statutory award of $1,000. We hold that they
Appealed From: 4th Circuit Court of
Appeals (Sept. 20, 2002)
Oral Argument: Dec. 3, 2003
Subject: Privacy Act,
damages, social security number disclosure
Summary: Supreme Court case seeks to establish how Privacy Act
is enforced-Question(s) presented: Whether, under the
5 U.S.C. 552a, individuals who have proven a violation of the act,
for the disclosure of their Social Security numbers (SSNs), but
cannot prove actual damages, are automatically entitled to $1000 in
damages? This case will not only establish how the Privacy Act is
enforced, but also how careful the government must be when handling
social security numbers in the future.
Doe, Buck, et al. v. Chao, Elaine
(US Dept. of Labor Secretary)
case was heard by the Supreme Court on December 3, 2003. This case concerns
the wrongful disclosure
of the Social Security
by a federal agency and whether a person should be required to prove actual
to obtain relief under the
The view of most federal courts, is that it should only be necessary
to show "adverse effects" to obtain the minimal $1,000
under the Act.
Doe, Buck, et al. v. Chao, Elaine (US Dept. of Labor Secretary)
In this case, the Department of Labor
was sued by a class of coal miners who filed claims with the government for black
lung benefits. To process the benefit claims, the Department of Labor used each
applicant's Social Security Number (SSNs)
to identify that applicant's claim. As identification numbers, the SSNs
were subsequently disclosed to other applicants, as well as those applicants' employers
and lawyers. The SSNs
were also made publicly available in administrative law decisions and computerized
legal research databases.
After realizing that his Social Security number had been published
along with his name on multiparty hearing notices, Doe feared that
anyone could use the information to steal his identity.
The Labor Department had been publishing claimants’ Social Security
numbers for 22 years, without protest from any of the scores of
judges, lawyers or black lung claimants who participated in the
February 1997, Doe and several others filed suits against the department in
federal court in the Western District of Virginia, alleging that the Department
had violated their privacy.
The United States District Court for the Western District of Virginia
consolidated the miner's claims and assigned their case to a magistrate to make
recommendations with regard to motions for summary judgment and class
certification. The magistrate recommended that the district court grant summary
judgment against all the miners with the exception of Buck Doe, finding that
they were unable to prove
The district court adopted the magistrate's recommendation and granted summary judgment
in favor of the government on all claims except that of Doe. With respect to his
claim, the court entered summary judgment in favor of Doe, awarding him $1,000 in
According to a provision in the 1974 Privacy Act, any individual who
has proven an "adverse affect" caused by the government
intentionally or willfully violating his or her privacy is entitled
to no less than $1,000 compensation., and that because
emotional distress is the chief means of proving damage in
cases, such emotional distress is sufficient evidence to allow recovery under the
The court found that Doe had demonstrated enough emotional distress to justify recovery,
and thus was entitled to statutory
But on appeal, Doe’s case was not as successful, being partially
overturned by a divided 4th Circuit Court of Appeals panel in
The miners (other than
Doe) appealed the district court's decision to the Fourth Circuit, arguing that
proof of "actual
is unnecessary to recover under the
and in the alternative, that the district court's holding with respect to Doe was
correct because emotional distress is sufficient evidence of injury to permit an
award of damages
under the Privacy Act.
The government also appealed the district court's decision, claiming that recovery
under the Privacy Act
is limited to individuals who can produce evidence of "actual
which includes only monetary loss and not emotional harm. The Fourth Circuit adopted
the government's view and determined that Doe was not entitled to
under the Privacy Act
because he failed to show that any tangible consequences flowed from the emotional
distress he experienced due to the disclosure
of his SSN.
The Supreme Court granted
certiorari June 27, 2003 to consider the question of whether an individual bringing suit
for wrongful SSN disclosure
must prove that he suffered actual monetary
as a result of the disclosure
in order to recover the minimum
provided by the Privacy
(source: Northwestern University)
Doe v. Chao History
April 3, 2003- New law will safeguard patient information
Come April 14, there will be a new consumer-protecting
position at all area hospitals, physicians’ offices and nursing
homes. Privacy officers, as they will be known, are charged with
protecting the rights of patients. After April 14, 2003 every person
who goes to a doctor’s or dentist’s office, a pharmacist, home
health care agency, hospital or nursing home will be given a
document called a “Notice of Privacy Practices” that explains
the provider’s policies for safeguarding the confidentiality in
the use and disclosure of patient health information. All health
insurers also are required to provide the notice. The change is
required by a new Federal law called the Health Insurance
Portability and Accountability Act (HIPAA) that, according to
the U.S. Department of Health and Human Services, is intended to
provide consumers with personal privacy protections and access
to high-quality health care.
more info: Visit
Federal HIPAA Regulation Mandates
Asked Questions About Privacy of Medical Information-OPM
OCR HIPAA Privacy
December 3, 2002
Revised April 3, 2003
NOTICE OF PRIVACY PRACTICES FOR PROTECTED HEALTH INFORMATION
[45 CFR 164.520]
The HIPAA Privacy Rule gives individuals a fundamental new right to
be informed of the privacy practices of their health plans and of most
of their health care providers, as well as to be informed of their
privacy rights with respect to their personal health information. Health
plans and covered health care providers are required to develop and
distribute a notice that provides a clear explanation of these rights
and practices. The notice is intended to focus individuals on privacy
issues and concerns, and to prompt them to have discussions with their
health plans and health care providers and exercise their rights.
How the Rule Works
General Rule. The Privacy Rule provides that an individual has a
right to adequate notice of how a covered entity may use and disclose
protected health information about the individual, as well as his or her
rights and the covered entity’s obligations with respect to that
information. Most covered entities must develop and provide individuals
with this notice of their privacy practices.
The Privacy Rule does not require the following covered entities
to develop a notice:
care clearinghouses, if the only protected health information they
create or receive is as a business associate of another covered entity.
See 45 CFR 164.500(b)(1).
correctional institution that is a covered entity (e.g., that has a
covered health care provider component).
group health plan that provides benefits only through one or more
contracts of insurance with health insurance issuers or HMOs, and that
does not create or receive protected health information other than
summary health information or enrollment or disenrollment information.
See 45 CFR 164.520(a).
Content of the Notice.
Covered entities are required to
provide a notice in
the covered entity may use and disclose protected health information
about an individual.
individual’s rights with respect to the information and how the
individual may exercise these rights, including how the individual may
complain to the covered entity.
covered entity’s legal duties with respect to the information, including
a statement that the covered entity is required by law to maintain the
privacy of protected health information.
individuals can contact for further information about the covered
entity’s privacy policies.
The notice must include an effective date. See 45 CFR 164.520(b) for
the specific requirements for developing the content of the notice.
A covered entity is required to promptly revise and distribute its
notice whenever it makes material changes to any of its privacy
practices. See 45 CFR 164.520(b)(3), 164.520(c)(1)(i)(C) for health
plans, and 164.520(c)(2)(iv) for covered health care providers with
direct treatment relationships with individuals.
Providing the Notice.
covered entity must make its notice available to any person who asks for
covered entity must prominently post and make available its notice on
any web site it maintains that provides information about its customer
services or benefits.
< Provide the notice to individuals
then covered by the plan no later than April 14, 2003 (April 14, 2004,
for small health plans) and to new enrollees at the time of enrollment.
< Provide a revised notice to
individuals then covered by the plan within 60 days of a material
< Notify individuals then covered
by the plan of the availability of and how to obtain the notice at least
once every three years.
Direct Treatment Providers
< Provide the notice to the
individual no later than the date of first service delivery (after the
April 14, 2003 compliance date of the Privacy Rule) and, except in an
emergency treatment situation, make a good faith effortto obtain the
individual’s written acknowledgment of receipt of the notice.
If an acknowledgment cannot be obtained, the provider must document
his or her efforts to obtain the acknowledgment and the reason why it
was not obtained.
< When first service delivery to an
individual is provided over the Internet, through e-mail, or otherwise
electronically, the provider must send an electronic notice
automatically and contemporaneously in response to the individual’s
first request for service. The provider must make a good faith effort to
obtain a return receipt or other transmission from the individual in
response to receiving the notice.
< In an emergency treatment
situation, provide the notice as soon as it is reasonably practicable to
do so after the emergency situation has ended. In these situations,
providers are not required to make a good faith effort to obtain a
written acknowledgment from individuals.
< Make the latest notice (i.e., the
one that reflects any changes in privacy policies) available at the
provider’s office or facility for individuals to request to take with
them, and post it in a clear and prominent location at the facility.
A covered entity may e-mail the
notice to an individual if the individual agrees to receive an
electronic notice. See 45 CFR 164.520(c) for the specific requirements
for providing the notice.
Any covered entity, including
a hybrid entity or an affiliated covered entity, may choose to develop
more than one notice, such as when an entity performs different types of
covered functions (i.e., the functions that make it a health plan, a
health care provider, or a health care clearinghouse) and there are
variations in its privacy practices among these covered functions.
Covered entities are encouraged to provide individuals with the most
specific notice possible.
Covered entities that
participate in an organized health care arrangement may choose to
produce a single, joint notice if certain requirements are met. For
example, the joint notice must describe the covered entities and the
service delivery sites to which it applies. If any one of the
participating covered entities provides the joint notice to an
individual, the notice distribution requirement with respect to that
individual is met for all of the covered entities. See 45 CFR
New law will safeguard patient information
By DIANA ROSSETTI Repository Living section writer
Come April 14, there will be a new consumer-protecting position at
all area hospitals, physicians’ offices and nursing homes.
Privacy officers, as they will be known, are charged with protecting
the rights of patients. After April 14, every person who goes to a
doctor’s or dentist’s office, a pharmacist, home health care agency,
hospital or nursing home will be given a document called a “Notice of
Privacy Practices” that explains the provider’s policies for
safeguarding the confidentiality in the use and disclosure of patient
health information. All health insurers also are required to provide the
The change is required by a new Federal law called the Health
Insurance Portability and Accountability Act (HIPAA) that, according to
the U.S. Department of Health and Human Services, is intended to provide
consumers with personal privacy protections and access to high-quality
“By that compliance date, each setting needs to train staff about
confidentiality and appoint a privacy officer to make sure that policies
are operating and they’re also the person to whom a patient can address
a question or concern,” explained health care attorney Joseph Feltes, a
shareholder with the Jackson Township office of Buckingham, Doolittle &
Feltes, the son of a surgeon, said employers will be affected
profoundly by HIPAA’s Privacy Rule, which will limit their ability to
access and use employee health information for making employment
decisions. No longer will a self-insured employer be able to obtain
employee health information from the group health plan without the
employee’s written authorization.
There is good reason for the new law, Feltes said, Historically,
medical claims information has been transmitted electronically in more
than 400 formats. Designing a uniform format for transmission can not
help but assist in safeguarding the accuracy of medical information.
The new law also gives consumers greater access and control of
information contained in their medical and health-care insurance
records. Patients, for example, will have the right to inspect their
medical and claims records, request amendments to correct errors in
their records and request certain restrictions on how their health
information may be used or disclosed. Record amendments will not be
approved, however, if the information contained therein is accurate or
has clinical significance.
When those matters are not settled to their satisfaction, consumers
will have the right under HIPAA to file a complaint with the health-care
provider or health-care insurer if they believe their privacy rights
have been violated. They also may file a complaint with the Office for
Civil Rights, the agency charged with enforcing the Privacy Rule.
As increasing numbers of agencies and consumers voiced concerns about
the security of health information transmited electronically, the
Privacy Rule was developed.
“Now privacy rules address the confidential and security rules
address the electronic component,” Feltes said. “One of the things
discussed at length was that we’re going to be transmitting across state
lines. Each state had a different body of rules and laws to protect
consumers. It was a patchwork. This uniform Federal law will pre-empt
The end product, HIPAA, is 100 pages of rules and 1600 pages of
commentary, a compilation Feltes describes tongue-in-cheek as “a
monument to micromanagement.”
“Seriously, though, what I have found in dealing with physicians’
offices, hospitals, plans and others involved is that, historically,
they’ve done a pretty good job. This new law is intended that they do
even a better job. It’s similar to what we all received over the last
year and a half from banks and credit card companies due to a Federal
act requiring disclosure.,” Feltes said. “It also empowers individuals.”
At Aultman Hospital, privacy officer Tim Regula said the general
guidelines for what information a hospital is permitted to provide
reporters and others calling for a condition report is straightforward.
“If they ask for a patient by name, yes, we can confirm the fact they
they are here, their location and a one-word condition report,” Regula
said. “When you talk about different hospitals, they may vary a bit in
what they choose to call their patient directory. We define it as
in-patient, emergency room patient and same-day surgery patient.
Patients may opt out as they always have been able to do and then we’ll
say we have no information. If somebody comes in for an X-ray, we don’t
provide information. Other hospitals may include everybody (in the
If a news reporter calls the hospital to inquire about accident
victims but does not have a specific victim name, Regular said, no
information can be given.
At a Office for Civil Rights day-long briefing in Chicago, one of
many Feltes attended, speakers urged consumers who encounter a problem
first to contact the privacy officer of the office affected.
There are stiff penalties for violators of the HIPAA’s Privacy Rule.
They can include criminal fines and incarceration if health information
is sold to telemarketers, for example.
FEDERAL REGISTER NOTICES
Downloaded from the Federal Register Web Site
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office for Civil Rights
Notice of Addresses for Submission of HIPAA Health Information
AGENCY: Office for Civil Rights, HHS.
ACTION: Notification of addresses for submission of HIPAA Health
Information Privacy Complaints for violations occurring on or after
April 14, 2003.
SUMMARY: This notice sets out the addresses for filing a complaint with
the Secretary of the Department of Health and Human Services, for non-
compliance by a covered entity with the standards for privacy of
individually identifiable health information under 45 CFR parts 160 and
164 (the Privacy Rule). The Privacy Rule implements certain provisions
of the Administrative Simplification subtitle of the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191.
Complaints must be submitted in writing to the Office for Civil Rights
at the appropriate address, as described below.
EFFECTIVE DATE: April 14, 2003.
ADDRESSES: See SUPPLEMENTARY INFORMATION section for the list of
addresses for filing complaints.
SUPPLEMENTARY INFORMATION: 45 CFR section 160.306 establishes general
provisions for submission of complaints against a covered entity for
non-compliance with the HIPAA Privacy Rule. A person who believes a
covered entity is not complying with these requirements may file a
complaint with the Secretary. A covered entity is a health plan, health
care clearinghouse, and any health care provider who conducts certain
health care transactions electronically. Complaints to the Secretary
must: (1) Be filed in writing, either on paper or electronically; (2)
name the entity that is the subject of the complaint and describe the
acts or omissions believed to be in violation of the applicable
requirements of part 160 or the applicable standards, requirements, and
implementation specifications of subpart E of part 164; and (3) be
filed within 180 days of when the complainant knew or should have known
that the act or omission complained of occurred, unless this time limit
is waived by the Office for Civil Rights for good cause shown.
Complaints to the Secretary may be filed only with respect to alleged
violations occurring on or after April 14, 2003.
The Secretary has delegated to the Office for Civil Rights (OCR)
the authority to receive and investigate complaints as they may relate
to the Privacy Rule. See 65 FR 82381 (Dec. 28, 2000). Individuals may
file written complaints with OCR by mail, fax or e-mail at the
addresses listed below. Individuals may, but are not required to, use
OCR's Health Information Privacy Complaint Form. To obtain a copy of
this form, or for more information about the Privacy Rule or how to
file a complaint with OCR, contact any OCR office or go to www.hhs.gov/
ocr/hipaa/. For more information on what entities are covered by
HIPAA, go to www.cms/hipaa/hipaa2/support/tools/decisionsupport/
As listed below, health information privacy complaints to the
Secretary should be addressed to the OCR regional office that is
responsible for matters relating to the Privacy Rule arising in the
State or jurisdiction where the covered entity is located. Complaints
may also be filed via email at the address noted below.
Where To File Complaints Concerning Health Information Privacy
For complaints involving covered entities located in Connecticut,
Maine, Massachusetts, New Hampshire, Rhode Island, or Vermont:
Region I, Office for Civil Rights, U.S. Department of Health and Human
Services, Government Center, J.F. Kennedy Federal Building--Room 1875,
Boston, Massachusetts 02203. Voice phone (617) 565-1340. FAX (617) 565-
3809. TDD (617) 565-1343.
For complaints involving covered entities located in New Jersey,
New York, Puerto Rico, or Virgin Islands:
Region II, Office for Civil Rights, U.S. Department of Health and Human
Services, Jacob Javits Federal Building, 26 Federal Plaza--Suite 3312,
New York, New York, 10278. Voice Phone (212) 264-3313. FAX (212) 264-
3039. TDD (212) 264-2355.
For complaints involving covered entities located in Delaware,
District of Columbia, Maryland, Pennsylvania, Virginia, or West
Region III, Office for Civil Rights, U.S. Department of Health and
Human Services, 150 S. Independence Mall West, Suite 372, Public Ledger
Building, Philadelphia, PA 19106-9111. Main Line (215) 861-4441.
Hotline (800) 368-1019. FAX (215) 861-4431. TDD (215) 861-4440.
For complaints involving covered entities located in Alabama,
Florida, Georgia, Kentucky, Mississippi, North Carolina, South
Carolina, or Tennessee:
Region IV, Office for Civil Rights, U.S. Department of Health and Human
Services, Atlanta Federal Center, Suite 3B70, 61 Forsyth Street, SW.,
Atlanta, GA 30303-8909. Voice Phone (404) 562-7886. FAX (404) 562-7881.
TDD (404) 331-2867.
For complaints involving covered entities located in Illinois,
Indiana, Michigan, Minnesota, Ohio, or Wisconsin:
Region V, Office for Civil Rights, U.S. Department of Health and Human
Services, 233 N. Michigan Ave., Suite 240, Chicago, Ill. 60601. Voice
Phone (312) 886-2359. FAX (312) 886-1807. TDD (312) 353-5693.
For complaints involving covered entities located in Arkansas,
Louisiana, New Mexico, Oklahoma, or Texas:
Region VI, Office for Civil Rights, U.S. Department of Health and Human
Services, 1301 Young Street, Suite 1169, Dallas, TX 75202. Voice Phone
(214) 767-4056. FAX (214) 767-0432. TDD (214) 767-8940.
For complaints involving covered entities located in Iowa, Kansas,
Missouri, or Nebraska:
Region VII, Office for Civil Rights, U.S. Department of Health and
Human Services, 601 East 12th Street--Room 248, Kansas City, Missouri
64106. Voice Phone (816) 426-7278. FAX (816) 426-3686. TDD (816) 426-
For complaints involving covered entities located in Colorado,
Montana, North Dakota, South Dakota, Utah, or Wyoming:
Region VIII, Office for Civil Rights, U.S. Department of Health and
Human Services, 1961 Stout Street--Room 1185 FOB, Denver, CO 80294-
3538. Voice Phone (303) 844-2024. FAX (303) 844-2025. TDD (303) 844-
For complaints involving covered entities located in American
Samoa, Arizona, California, Guam, Hawaii, or Nevada:
Region IX, Office for Civil Rights, U.S. Department of Health and Human
Services, 50 United Nations Plaza--
Room 322, San Francisco, CA 94102. Voice Phone (415) 437-8310. FAX
(415) 437-8329. TDD (415) 437-8311.
For complaints involving covered entities located in Alaska, Idaho,
Oregon, or Washington:
Region X, Office for Civil Rights, U.S. Department of Health and Human
Services, 2201 Sixth Avenue--Suite 900, Seattle, Washington 98121-1831.
Voice Phone (206) 615-2287. FAX (206) 615-2297. TDD (206) 615-2296.
For all complaints filed by e-mail send to: OCRComplaint@hhs.gov.
FOR FURTHER INFORMATION CONTACT: Lester Coffer, Office for Civil
Rights, Department of Health and Human Services, Mail Stop Room 506F,
Hubert H. Humphrey Building, 200 Independence Avenue, SW., Washington,
DC 20201. Telephone number: (202) 205-8725.
Dated: March 12, 2003.
Richard M. Campanelli,
Director, Office for Civil Rights.
[FR Doc. 03-6651 Filed 3-19-03; 8:45 am]
BILLING CODE 4153-01-P
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary
Office for Civil Rights; Statement of Delegation of Authority
Notice is hereby given that I have delegated to the Director,
Office for Civil Rights (OCR), with authority to redelegate, the
following authorities vested in the Secretary of Health and Human
1. The authority under section 262 of the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191,
as amended, to the extent that these actions pertain to the Standards
for the Privacy of Individually Identifiable Health Information, to:
A. impose civil monetary penalties, under section 1176 of the
Social Security Act, for a covered entity's failure to comply with
certain requirements and standards;
B. make exception determinations, under section 1178(a)(2)(A) of
the Social Security Act, concerning when provisions of State laws that
are contrary to the federal standards are not preempted by the federal
2. The authority under section 264 of HIPAA, as amended, to
administer the regulations, ``Standards for the Privacy of Individually
Identifiable Health Information,'' 45 CFR Part 164, and General
Administrative Requirements, 45 CFR Part 160, as these requirements
pertain to Part 164, and to make decisions regarding the
interpretation, implementation and enforcement of these Standards and
General Administrative Requirements.
I hereby affirm and ratify any actions taken by the Director of
OCR, or any subordinates, involving the exercise of the authorities
delegated herein prior to the effective date of this delegation. This
Delegation of Authority is effective concurrent with the effective date
of the regulations, 45 CFR Parts 160 through 164.
Dated: December 20, 2000.
Donna E. Shalala,
[FR Doc. 00-33039 Filed 12-27-00; 8:45 am]
BILLING CODE 4153-01-M