We've all been to doctors, hospitals or some other medical practice at one time or another. Some have even retained an attorney in relation to an accident. If you are one of those, then you've seen HIPAA forms before and have signed them either at the medical facility or at the attorney's office. But, do you really know what HIPAA is and what it does? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act. This was a US law designed to provide privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers. This very issue of privacy is at the heart of HIPAA, which went into effect on April 14, 2003. Thanks to HIPAA, it is easier for terminally ill patients to obtain health insurance. The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. HIPAA gives patients more control over their health information and who can have access to it. It also sets boundaries on the use and release of health records.
HIPAA was enacted as a broad Congressional attempt at a healthcare reform. It was initially introduced in Congress as the Kennedy-Kassenbaum Bill. The landmark Act was passed in 1996 with two objectives. One was to ensure that individuals would be able to maintain their health insurance between jobs.
A Breach of protected health information is defined as the acquisition, access, use, or disclosure of unsecured PHI, in a manner not permitted by HIPAA, which poses a significant risk of financial, reputational, or other harm to the affected individual.
There is no private cause of action allowed to an individual to sue for a violation of the federal HIPAA or any of its regulations. This means an individual does not have the right to sue based on a violation of HIPAA itself. However, an individual may have a right to sue based on state law. If you believe that a HIPAA-covered entity or its business associate has violated your (or someone else's) health information privacy rights or committed another violation of the Privacy, Security, or Breach Notification Rules, you may file a complaint with the Office for Civil Rights (OCR).
One last note, do HIPAA laws apply to spouses? The answer is yes. The HIPAA Privacy Rule at 45 CFR 164.510 (b) specifically permits covered entities to share information that is directly relevant to the involvement of a spouse, family members, friends, or other persons identified by a patient, in the patient's care or payment for health care.
Now, every time you sign a HIPAA form, you can be confident knowing that you are informed as to its meaning and how it protects you as a patient.