The Health Insurance Portability and Accountability Act (HIPAA) provides specific rights to consumers pertaining to personal and identifiable health information. Enacted in 1996, HIPAA provides the framework necessary to establish proper safeguarding requirements, dissemination procedures and complaint handling related to health information, three areas in which consumers have raised questions about the law.
Purpose
The movement toward electronic health records has put the spotlight on personal privacy as it relates to personal health care information and documents. Many questions arise about who must follow the law and the intent of the law. HIPAA provides consumers with protection of medical records, notes taken by physicians or health care professionals, conversations between interested parties and information obtained for health insurance purposes. Health plan providers, health care providers and health care clearinghouses all must follow the rules and regulations laid out by HIPAA. In addition, privacy protection provided by HIPAA covers any information provided for billing purposes.
Consumer Access
HIPAA makes it possible for individual consumers to request copies of medical records. The law allows consumers to request a copy of their medical records from all medical providers; it also requires consumer authorization before any pertinent information can be released for certain purposes, including marketing efforts. HIPAA does allow the release of medical information for public health safety and law enforcement purposes without prior authorization by consumers. HIPAA also allows consumers to request corrections of incorrect information contained in their medical records.
Enforcement
The Office of Civil Rights enforces and oversees HIPAA regulations. Ensuring covered entities maintain and follow appropriate training standards for employees and contractors represent just a few of the requirements in place to ensure HIPAA implementation and adherence. Teaching employees and contractors to share information on a need-to-know basis only helps protect consumer privacy. In addition, HIPAA also dictates the procedures for filing a complaint when consumers believe medical information is being shared in an inappropriate and unlawful manner.