The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed by President Clinton on August 21, 1996. The Act is designed to protect health insurance coverage for workers and their families when they change or lose their jobs. Also known as the Kennedy-Kassebaum Bill, provisions of HIPAA intend to ensure patient confidentiality for all health care related information. The requirements of HIPAA apply to any entity storing and/or transmitting patient identifiable information on electronic media. This affects virtually all health care organizations from physicians and insurance companies to health care support organizations. HIPAA contains a crucial section called Administrative Simplification. Provisions of this section are intended to reduce the costs and administrative burdens of health care by making possible the standardized, electronic transmission of many administrative and financial transactions that are currently carried out manually on paper. Administrative Simplification includes sub-sections on the privacy and security of patient data that mandate standards in safeguards for physical storage & maintenance, transmission, and access to individual health information. Compliance with the provisions of Administrative Simplification will be required within the next three to four years and those entities that do not comply with these regulations will be subject to stiff civil and criminal penalties.

- It gives patients more control over their health information.

- It sets boundaries on the use and release of health records.

- It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.

- It holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients' privacy rights.

- And it strikes a balance when public responsibility supports disclosure of some forms of data - for example, to protect public health.

For patients - it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.

- It enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.

- It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.

- It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.

- It empowers individuals to control certain uses and disclosures of their health information.

For a 4 page general Fact Sheet describing patients' rights and the responsibilities of health plans, doctors and other covered entities, click here or download a PDF file here.

For a 20 page summary with regulatory citations of key elements of the Privacy Rule including who is covered, what information is protected, uses and disclosures of protected health information, and individual rights provided in the Rule, click here or download a PDF file here.

For more information, for a list of Frequently Asked Questions, to view the complete Rule, or any other questions you may have, please visit the United States Department of Health and Human Services, Office for Civil Rights at http://www.hhs.gov/ocr/hipaa/ or click on the banner below.