HIPAA Privacy Policy: What is it?




HIPAA is a US law that establishes requirements for health care eligibility, information sharing, and health record security. Title I guarantees health coverage and prohibits discrimination, while Title II establishes rules for sharing and storing protected health information. The HIPAA Privacy Rule became enforceable law in 2003, and aims to integrate privacy rights into e-health. The US Department of Health and Human Services Civil Rights Office enforces the rule, with violations referred to the Department of Justice.

The Health Insurance Portability and Accountability Act of 1996, often referred to as HIPAA, is a United States law that establishes certain requirements for health care eligibility, information sharing, and health record security. There are two main sections of the act, called ‘titles’. Title I provides certain guarantees about the availability of health coverage and prohibits discrimination in the provision of health insurance services. In Title II, the law establishes definitions of “protected health information” and establishes “administrative simplification” rules regarding how such information can be shared and stored online and in electronic databases. Collectively, the Administrative Simplification Rules are known as the HIPAA Privacy Rule.

Although HIPAA legislation was enacted in 1996, the HIPAA Privacy Rule did not become enforceable law until 2003. The data protection and compliance requirements imposed by the HIPAA Privacy Rule are significant and affect a large number of entities. Many businesses, hospitals and doctors’ offices needed time to update their medical record systems and IT security plans to comply with the rule’s many provisions.

In many ways, the HIPAA Privacy Rule was born out of a desire to encourage the use of electronic health programs. Digital medical records, pharmacy files and medical records can make treatments much more efficient in many circumstances. Electronic programs can collect information in such a way that dangers such as potential side effects of medications can be detected, and all relevant history of a patient can be easily viewed by doctors prescribing treatment, no matter where the doctors are located. However, files stored electronically carry a much greater risk of misuse than paper files. Digital files can easily be manipulated or accidentally shared, making the risk of privacy violations, and sometimes even data and identity theft, a very real possibility.

United States law gives individuals the legal right to privacy in individual health information. This right extends to diagnosis and treatment as well as medical history and family statistics. One of the goals of the HIPAA Privacy Rule is to integrate these privacy rights into the growing field of e-health, to ensure that privacy is maintained no matter how sophisticated the technology becomes. The rule establishes certain obligations for healthcare professionals and other entities that access medical information and clarifies a spectrum of rights for patients and individuals.

The United States Department of Health and Human Services (HHS) Civil Rights Office enforces the HIPAA Privacy Rule. This HHS office is responsible for both responding to individual complaints and conducting independent investigations. Because HIPAA is a federal law, perceived violations are typically referred to attorneys at the United States Department of Justice for further investigation and prosecution.



