HIPAA Summary

HIPAA Overview - The Health Information Portability and Accountability Act of 1996 (HIPAA) was enacted on August 21, 1996. The purpose of HIPAA is to protect the privacy of patient confidential information, as many (if not most) people do not want to have doctors, nurses, or health care institutions sharing their personal medical information with others. For example, if you were found to have AIDS or some other communicable disease it could be very embarrassing to have this information provided to others that do not have a legitimate reason to know about it. HIPAA specifies that medical information should only be shared as necessary medically, or as directed by the patient. The purpose of HIPAA is to specify the guidelines under which personal health information can be shared.

Who Is Covered By HIPAA? - HIPAA applies to insurance providers, health care plans, health care providers, health care clearinghouses, and other organizations that have access to private medical information. Health plans include HMOs, prescription drug insurers, health, dental, and vision plan providers. Health care providers are covered regardless of their size. Health care clearinghouses include companies that manage billing, claims processing, coding, and transcription of medical data. In general terms, HIPAA is meant to apply to any person or entity that will have the opportunity to handle patient information.

What Does HIPAA Protect? - HIPAA covers any "personally identifiable health information". This is true regardless of its format. This includes information received or stored in electronic, paper, or even oral form. There is no time limit on how long the information is protected for -- past or present information is protected equally.

Disclosures Under HIPAA - Of course, some disclosures are necessary. For example, health care providers such as hospitals need to be able to disclose health care information to insurance providers in order to get paid. Certain disclosures are permitted under HIPAA. For example, disclosures to the individual patient are permitted, as are disclosures to other treatment, payment, and health care operations. Disclosures not permitted directly under HIPAA may only be made with the written authorization of the individual.