Health Insurance Portability and Accountability Act

HIPAA, the Health Insurance Portability and Accountability Act of 1996, is federal legislation originally designed to protect health insurance coverage for workers and their families:

  • when they change or lose their jobs,
  • if they are self-employed, or
  • if there are preexisting medical conditions

As more and more hospital patient records are being placed in electronic files, stricter regulations needed to be put in place to secure patient confidentiality.

HIPAA was expanded to protect confidential health care information through improved security standards and federal privacy legislation. These regulations restrict the use and release of private health information transmitted or maintained by computers.

Under HIPAA regulations, patients must approve the release of their information. Doctors, hospitals and health plans may not release a patient's information for purposes unrelated to treatment and payment without written consent. When required to release medical information, health organizations must only release the minimum amount of information necessary for each case instead of a patient's entire record. For example, when paying for medical services, no medical treatment information will be sent to banks or credit card companies.

The HIPAA regulations will:

  • Change the way health care organizations exchange electronic health care data; 
  • Establish new standards for administrative health care transactions, procedure and diagnosis coding and identification numbers for providers, insurers and individuals;
  • Create new security rules to ensure the safety and privacy of individually-identifiable health care information and records.