The Health Insurance Portability and Accountability Act (commonly known as HIPAA) is a federal statute in the United States. HIPAA was created to help modernize how health information flows and to stipulate how personal and sensitive information is maintained in the healthcare and insurance industries. Under HIPAA, this type of information is protected from theft and fraudulent use.
HIPAA does many different things. While the major change was to place significant restrictions on how a patient’s information can and should be used, it also mandates that sensitive patient information cannot be shared with outside entities except in extremely rare circumstances. Such rare circumstances include searches for fugitives. Under HIPAA, patients have the right to restrict the disclosure of their medical information. Essentially, it puts more control of one’s medical information into the hands of the patient, rather than insurance and health care providers. Protected health information often includes demographic information, such as names, phone numbers, emails, home addresses, social security numbers, inpatient records, financial information, and photos.
HIPAA compliance is very important for healthcare providers. It is regulated by the Department of Health and Human Services (also known as the HHS) and enforced by the Office for Civil Rights (also known as the OCR). The OCR maintains HIPAA compliance by providing routine guidance on new problems that arise in healthcare and by investigating HIPAA violations on a regular basis.