›› Aims of HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)  was enacted and enforced in the year 1996 when the US Congress enacted the law and made it mandatorily applicable to all ‘covered entities’. These ‘covered entities’ have been listed in the HIPAA laws and the long list include each and every person or organization who handles a patients private identifiable data in any form at any place through any means. The 2003 amendment made it even stricter in the sense the Privacy protection rule was given mandate and was enforced to protect the private medical data which moved between all health plans, clearing agents, hospitals, insurers who use electronic format for storage of medical records and information. This privacy rule requires unqualified protection to the access, misuse of any individual’s identifiable health care data. Non-compliance carries very heavy civil and criminal liabilities on the offenders under the federal law. The HIPAA does not replace any existing law as some of the states have even more strict and stringent rules and regulation in place to protect he privacy of a patient’s data.

Any covered entity under HIPAA is permitted to use the medical records of a patient and make certain specific disclosures of medical information only if there exists certain safeguards in the place of disclosure which prevent the use of such information for any such purpose which is not permitted under HIPAA. The safeguards mean and include a doctor’s discretion in discussing patient’s medical records and other safeguards mainly concerned with storage of the medical records in a secured location on HIPAA compliant servers with controlled access, network protection and protection against physical access.

Under the Privacy Rules, where disclosures have to be made for permitted purposed only the minimum necessary information will only be disclosed. This minimum limit does not apply to request by doctors for treatment purpose access by the individual himself for his own use.