what is HIPAA?

Source: Centers for Medicare and Medicaid Services

HIPAA means Health Insurance Portability and Accountability Act. It is a federal law approved by Congress in 1996 to protect individuals' medical records and other personal health information.

Health plans and health care providers are required to comply with HIPAA.

Private insurance plans, Medicare, Medicaid, doctors, physician assistants, nurses, pharmacists, pharmacy technicians, and any other entity that handle personal health information must comply with HIPAA.

The bottom line about HIPAA is that any person who handles or transmits health information must maintain reasonable and appropriate administrative, technical, and physical safeguards in order to ensure the integrity and confidentiality of the information and to protect against any threats or hazards to the security or integrity of the information, and unauthorized uses or disclosures of the information.

HIPAA permits a health care provider to use professional judgment and experience with common practice to make reasonable inferences about the patient's best interests in allowing another person to act on behalf of the patient to pick up a filled prescription, medical supplies, X-rays, or other similar forms of protected health information.

For example, when a person comes to a pharmacy requesting to pick up a prescription on behalf of an individual he identifies by name, a pharmacist, based on professional judgment and experience with common practice, may allow the person to do so.

On the other hand, a person who maliciously obtains identifiable health information relating to an individual or discloses individually identifiable health information to another person without permission, will be punished under HIPAA.

If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, then the offender can be imprisoned up to 10 years.

Nowadays, health care providers of all types and sizes have been training their employees on how to handle personal health information and have been securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.

HIPAA created national standards such as:
-- it promotes the use of medical savings accounts.
-- it gives patients more control over their health information.
-- it sets boundaries on the use and release of health records.
-- it combats waste, fraud, and abuse in health insurance and health care delivery.
-- it empowers individuals to control certain uses and disclosures of their health information.
-- it limits release of information to the minimum reasonably needed for the purpose of the disclosure.
-- it gives patients the right to examine and obtain a copy of their own health records and request corrections.
-- it holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients' privacy rights.
-- it strikes a balance when public responsibility supports disclosure of some forms of data - for example, to protect public health.
-- it establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
-- it enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.

If you want more information about HIPAA, go to the Centers for Medicare and Medicaid Services site