What is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act passed by Congress in 1996. The HIPAA Privacy Rule is a set of federal standards to protect the privacy of patients’ medical records and other health information maintained by covered entities: health plans, which include many governmental health programs, such as the Veterans Health Administration, Medicare and Medicaid; most doctors, hospitals and many other health care providers; and health care clearinghouses. These standards provide patients with access to their medical records and with significant control over how their personal health information is used and disclosed. Compliance with the standards was required as of April 14, 2003 for most entities covered by HIPAA. On that date, OCR began accepting complaints involving the privacy of personal health information in the health care system.
What is important about HIPAA?
One of HIPAA’s most important requirements is that healthcare organizations must implement appropriate administrative, technical and physical safeguards to protect the privacy of patient information. Information subject to this requirement is called Protected Health Information or PHI and is defined as “any information which identifies or could be used to identify an individual and has anything to do with past, present or future physical or mental health conditions, care or payment for care”.
What happens if HIPAA is breached?
The HIPAA Breach Notification Rule requires covered entities and their business associates to notify the Secretary, individuals, and in some cases, the media, regarding breaches of unsecured protected health information. Compliance with the standards is required as of September 23, 2009.
HIPAA PROHIBITS RETALIATION – Under HIPAA, an entity cannot retaliate against you for filing a complaint. You should notify OCR immediately in the event of any retaliatory action.
For more information or to file a complaint, please click here.