HIPAA primer

The U.S. Department of Health and Human Services issued patient privacy protections as part of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA contained provisions designed to encourage electronic health transactions while requiring safeguards to maintain the security and confidentiality of patients’ medical information. Compliance with the HIPAA rule was fully enacted in April 2003, affecting most health insurers, pharmacies, hospitals, and doctors. These “covered entities” also typically include scientists conducting biomedical research, which is why informed consent must be obtained when a patient enrolls in a research study.

The final HIPAA rule ensures¹:

• Patient access to information contained in medical record.
• Notice regarding how personal health information may be utilized by approved covered entities.
• Established limits regarding the use of a patient’s medical information.
• Prohibition of the use of personal medical information for marketing purposes.
• Uniform federal privacy protections that do not supercede stronger state laws regarding medical privacy.
• Reasonable efforts are made to maintain confidential communication of health information between patient and provider.
• The ability of a patient to file a formal complaint regarding the privacy practices of a covered entity.

The Department of Health and Human Services Office for Civil Rights (OCR) is responsible for overseeing and enforcing the HIPAA privacy protections. Additional guidance materials and consumer information can be found on the OCR website at http://www.hhs.gov/ocr/hipaa/assist.html.

Additional related links:

• Privacy and Your Health Information http://www.hhs.gov/ocr/hipaa/consumer_summary.pdf
• Your Health Information Privacy Rights http://www.hhs.gov/ocr/hipaa/consumer_rights.pdf
• How to File a Health Information Privacy Claim http://www.hhs.gov/ocr/privacyhowtofile.htm
• Letting Your Personal Health Information Be Used and Shared for Research http://privacyruleandresearch.nih.gov/hippaprivacy/HIPAA.pdf

¹United States Department of Health and Human Services Fact Sheet. “Protecting the Privacy of Patients’ Health Information.” April 14, 2003. Accessed at: http://www.hhs.gov/news/facts/privacy.html.