HIPAA & Access to Personally Identifiable Information
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) led to the establishment of strong safeguards to protect the privacy of patient health information. The privacy rule only protects health care information that is personally or individually identifiable, and this is an important distinction that must be understood.
The Privacy Rule
HIPAA prohibits covered entities from disclosing personally or individually identifiable health information unless the patient authorizes disclosure in writing or its use is permitted by an exception listed in HIPAA. Exceptions include disclosure that is needed for treatment of the patient or for payment or health care operations.
What Is A Covered Entity?
Covered entity is the term for a health care provider, a health plan or a health care clearinghouse. This covers doctors, hospitals, clinics, insurance companies and health maintenance organizations (HMOs).
What Information Is Protected?
HIPAA only protects personally or individually identifiable health information. This is defined as information that pertains to the patient's physical or mental health and that identifies the individual. Identifying details include name, address, Social Security number or birth date.
Enforcement
The privacy rules of HIPAA are enforced by the Office for Civil Rights of the Department of Health and Human Services. Individuals who feel their privacy rights were violated can file a written complaint with that office (see Resources).
Penalties
Covered entities that violate the privacy rule can face civil charges and fines or even be criminally prosecuted for serious infractions.