Return to Governance and Regulation
Health Insurance Portability and Accountability Act (HIPAA) is United States legislation providing data privacy and security provisions for safeguarding medical information that is collected and controlled by Health Plans, Health Care Providers and Health Care Clearinghouses. The law ganed in importance in recent years beause cyber attacks have allowed the medical records data secuirty perimeters to be breached.
The federal law was signed by President Bill Clinton on Aug. 21, 1996. HIPAA overrides state laws regarding the safety of medical information, unless the state law is considered more stringent than HIPAA. https://searchhealthit.techtarget.com/definition/HIPAA
We call the entities that must follow the HIPAA regulations “covered entities.”
Covered entities include:
In addition, business associates of covered entities must follow parts of the HIPAA regulations.
Often, contractors, subcontractors, and other outside persons and companies that are not employees of a covered entity will need to have access to your health information when providing services to the covered entity. We call these entities “business associates.” Examples of business associates include:
Covered entities must have contracts in place with their business associates, ensuring that they use and disclose your health information properly and safeguard it appropriately. Business associates must also have similar contracts with subcontractors. Business associates (including subcontractors) must follow the use and disclosure provisions of their contracts and the Privacy Rule, and the safeguard requirements of the Security Rule.
Many organizations that have health information about you do not have to follow these laws.
Examples of organizations that do not have to follow the Privacy and Security Rules include:
Health insurers and providers who are covered entities must comply with your right to:
You should get to know these important rights, which help you protect your health information.
You can ask your provider or health insurer questions about your rights.
Learn more about your health information privacy rights - PDF.
The Privacy Rule sets rules and limits on who can look at and receive your health information
To make sure that your health information is protected in a way that does not interfere with your health care, your information can be used and shared:
Your health information cannot be used or shared without your written permission unless this law allows it. For example, without your authorization, your provider generally cannot: