What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. This U.S. law maintains strict regulations over who has access to patient medical information and how that information may be shared.

Under HIPAA, covered entities may use or disclose a patient’s protected health information (PHI) without a patient’s permission only under the following exceptions:

    • Treatment, healthcare operations, and payment purposes
    • Sharing information with the patient
    • Offering the opportunity to confirm or reject the disclosure of PHI
    • Using within a limited data set for public health, research, or healthcare operations
    • An unavoidable, limited incident that requires disclosure

Sharing patient medical information may not require approval if the reason for sharing it meets one of 12 national priority purposes. These are rare and unique exceptions to a rule that is otherwise stringent in its requirements for the protection of a patient’s personal, private medical information.

Why was HIPAA created?

The original purpose of HIPAA was to make healthcare more efficient and secure while encouraging Americans to seek health coverage by reducing privacy risks. During the 1990s, many Americans were concerned about their medical information being shared over newly established electronic systems. With HIPAA, the U.S. government created a set of rules and regulations that protected patients’ medical information, reduced privacy concerns, and empowered medical professionals to use more efficient modern systems.

What are HIPAA forms?

HIPAA forms include features that enable them to adhere to the HIPAA Privacy Rule. These include forms for medical history, online appointment scheduling, new patient enrollment, and more. However, there are two HIPAA-friendly forms that medical professionals most commonly use:

    • Privacy forms: Doctors’ offices typically give these forms to patients on their first visit. They detail how the office might share PHI with covered entities.
    • Authorization forms: Healthcare providers often use these forms, also known as release forms, to acquire permission to share PHI with designated individuals.

Using HIPAA forms helps your office protect any information a patient provides. These forms are vital for daily healthcare operations.

Who is covered by HIPAA?

HIPAA is designed to protect personal health information, which means there are specific individuals and organizations that must adhere to the Privacy Rule. These subjects, also known as covered entities, include the following:

    • Healthcare providers
    • Health plans (e.g., health/dental/vision/prescription drug insurers, health maintenance organizations (HMOs), Medicare, Medicaid, long-term care insurers, employer-sponsored group health plans, and more)
    • Healthcare clearinghouses
    • Business associates to any of the above entities

These covered entities are required to comply with HIPAA and may face legal consequences for failing to do so. Their use and distribution of PHI are strictly monitored, and they must use it only for its intended purposes, as laid out by HIPAA.

Who enforces HIPAA?

The Office of Civil Rights (OCR) is responsible for enforcing HIPAA regulations. It began enforcing the HIPAA Privacy Rule in 2003. Since taking control of HIPAA regulations, the OCR has worked diligently to enact systematic changes in the American medical system that ensure the safety and security of patients’ civil rights.

Why is HIPAA compliance important?

The main benefit of HIPAA is that it protects against the unauthorized use and disclosure of a person’s private medical information. This helps people control private and potentially sensitive information about their well-being and allows them to share such information with their doctors without having to worry about unauthorized disclosure.

HIPAA also holds medical entities accountable for any potential breaches and enforces a patient’s right to privacy with significant repercussions. Most medical professionals wouldn’t share this private information regardless. However, repercussions for unwanted disclosure bring patients peace of mind and help medical professionals get the most accurate information possible.

What is protected health information (PHI)?

Protected health information (PHI) is any information healthcare entities receive detailing preexisting, current, or upcoming physical or mental health concerns or conditions of a patient. It also includes healthcare and payment records, as well as invoices for healthcare provided to an individual.