Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law establishing standards to ensure the confidentiality of individually identifiable health information. These national standards are designed to protect an individual’s protected health information and give individuals increased access to their medical records.

Federal Rules

The federal rules generally prohibit a covered entity from using or disclosing protected health information unless authorized by an individual, except where this prohibition would result in unnecessary interference with access to quality health care or with certain other important public benefits or national priorities. To avoid interfering with an individual’s access to quality health care or the efficient payment for such health care, the privacy rules permit a covered entity to use and disclose protected health information, with certain limits and protections, for treatment, payment and health care operations.

  1. Give patients more control over their health information.

  2. Set boundaries on the use and release of health records.

  3. Establish appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.

  4. Hold violators accountable, with civil and criminal penalties that can be imposed if there is a violation of an individual’s privacy rights.

  5. Strike a balance when public responsibility supports disclosure of some forms of data, for example, to protect public health.

  6. Enable an individual to find out how their information may be used and about certain disclosures of their information that have been made.

  7. Limit the release of information to the minimum reasonably needed for the purpose of the disclosure.

  8. Give patients the right to examine and obtain a copy of their own health records and request corrections.

  9. Empower individuals to control certain uses and disclosures of the individual’s health information.

Privacy Practices

The Notice of Privacy Practices describes how the agency can use and disclose medical information collected about people receiving services. The notice also explains how people can obtain access to this information.