The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law that creates national standards to protect sensitive patient health information, known as protected health information (PHI), that is handled by certain individuals and “covered entities” subject to HIPAA law. Generally, HIPAA applies to the following individuals and “covered entities”:
- Healthcare providers who electronically transmit health information in connection with certain transactions, including claims, benefits, referrals.
- Health plans including physical and mental health, dental, vision, and prescription drug insurers, health maintenance organizations (HMOs), government healthcare providers and insurers, long-term and end-of-life care (nursing home) providers and insurers, employer-sponsored group health plans (except employers with less than 50 employees in a group plan), church and religious health plans, and multi-employer plans.
- Healthcare clearinghouse entities that process nonstandard health information they receive from another entity into a certain standard format or data.
- Business associates including persons or organizations, often who are third parties, who are using or disclosing individually PHI to perform or provide functions, activities, or services for a covered entity. Business associates include claims processors, data analysts, utilization reviewers, and billing service providers.
Any individual who is covered by HIPAA has specific rights regarding their protected health information under the law. These rights include the right to:
- Inspect and copy their health records
- Amend their health records
- Request an accounting of disclosures of their health records
- Request restrictions on the use and disclosure of their health records
- File a complaint with the Secretary of Health and Human Services (HHS) if they believe their HIPAA rights have been violated
HIPAA is an important law that helps to protect the privacy of individuals’ health information. Individuals should be aware of their rights under HIPAA and should take steps to protect their health information.
Covered entities must take steps to protect the privacy of individuals’ health information. Specifically, HIPAA requires covered entities to:
