What Is the HIPAA Privacy Act?

Consumer Protection

• Health information protected for each consumer includes, but isn't limited to, information written by health care providers, external communications about individual health by providers and billing information relating to individual health.

Covered Entities

• Institutions for which health information is regulated under this act are called covered entities, which include insurance companies, clinics, hospitals, pharmacies and dentists.

Non-Covered Entities

• Certain organizations that hold consumer health records that aren't covered under the act include life insurance companies, some school districts, most state agencies and some employers.

Public Health

• Though the act regulates personal health information disclosure for certain covered entities, those entities must disclose certain information, personal health included, to certain public health authorities if the information could be vital to the prevention of a contagious disease.

Research

• Covered entities can use individual health information for research purposes only if they receive individual authorization first. The only time when individual authorization isn't required is if the covered entity obtains approval from the Documented Institutional Review Board or the Privacy Board.