July 31, 2011
This is a recently updated HIPAA fact sheet from Privacy Rights Clearinghouse. With the advent of Electronic Health Records and other digital health initiatives, this is a invaluable resource.
Today you have more reason than ever to care about the privacy of your medical information. Intimate details you revealed in confidence to your doctor were once stored in locked file cabinets and on dusty shelves in the medical records department.
Now, sensitive information about your physical and mental health will almost certainly end up in data files. Your records may be seen by hundreds of strangers who work in health care, the insurance industry, and a host of businesses associated with medical organizations. What’s worse, your private medical information is now a valuable commodity for marketers who want to sell you something.
The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to set a national standard for electronic transfers of health data. At the same time, Congress saw the need to address growing public concern about privacy and security of personal health data. The task of writing rules on privacy eventually fell to the U.S. Department of Health and Human Services (HHS). After several modifications, DHHS issued the HIPAA Privacy Rule.
The Privacy Rule was effective on April 14, 2003, for most health care providers, health plans, and health care clearinghouses. Small plans had until April 14, 2004 to comply.
If you expect HIPAA to restore your confidence that sensitive medical data is a matter between you and your doctor, you will be disappointed. HIPAA sets the standard for privacy in the electronic age where health industry, government, and public interests often prevail over the patient’s desire for confidentiality.
This guide explains the complex provisions of HIPAA’s Privacy Rule as well as recent measures to strengthen privacy and data security as the country moves closer to a system of electronic health records. It covers HIPAA’s high points and low points regarding your health privacy. For more information on HIPAA and additional rules that are not explained here, go to the References section at the end of this guide.
[Also see our FAQ on medical privacy.]
- HIPAA Privacy Rule: Benefits and Shortcomings
- Who Is Covered by HIPAA? Who Is Not Covered?
- Medical Information: What Does HIPAA Cover?
What Is “Protected Health Information?” What Is “Minimum Necessary?”
- Control of Your Medical Information: ” Consent” and “Authorization”
- More About Your Right to Access Your Medical Records
- Your Health Records and Your Employer
- Your Health Records and the Government
- Your Health Information and Your Credit Report
- HIPAA and Your Daily Routine
- Complaints and Penalties for Violations
- The HIPAA Security Rule
- Electronic Health Records (EHRs)
- The 2009 Stimulus Law, Electronic Health Records, and Privacy
- Health Information Privacy in California
- Tips for Safeguarding Your Medical Information
- References and Resources