HIPAA, the Health Insurance Portability and Accountability Act of 1996, was passed to protect an employee's health insurance coverage when they lose or change jobs. It also has provisions to ensure the privacy and confidentiality of identifiable health information.
Everyone's medical situation is different; however, this article strives to help define HIPAA by providing you with an overview of some common HIPAA violations experienced by health care providers and patients. Links to HIPAA experts are provided at the end of this article for your specific questions.
Scenarios that Violate HIPAA
- Telling friends or relatives about patients in the hospital
- Discussing private health information in public areas of the hospital, including the lobby of a hospital, an elevator or the cafeteria
- Discussing private health information over the phone in a public area
- Not logging off your computer or a computer system that contains private health information
- HIPAA regulations for "need to know" include: The security guard in a healthcare institution needs to know the name and room number of patients to guide visitors. This is allowed, but any other information, such as diagnosis or treatment, is not to be disclosed.
- HIPAA regulations for "need to know" include: A nurse needs access to private health information for the patients in his/her unit but not for any patients who are not in that unit.
- HIPAA regulations for "minimum necessary" include: A health insurance company will need information about the number of visits the customer had, but isn't allowed to view the entire patient history.
- Allowing members of the media to interview a patient in a substance abuse facility
- Including private health information in an email sent over the Internet
- Releasing information about minors without the consent of a parent or guardian
HIPAA regulates the use, transfer, and disclosure of identifiable health information. With these examples of common HIPAA violations, you can probably better understand HIPAA and the types of behaviors it prohibits.
If you are looking for specific information about HIPAA or about a specific medical situation, these resources provide more detailed information about the law and what it does/does not cover:
- National Institutes of Health - Education materials including .pdf files with the actual HIPAA wording, Office for Civil Rights HIPAA Guidance, HIPAA Privacy Rule, decision tools for Medicare and Medicaid services and the final HIPAA Enforcement Rule
- HHS Frequently Asked Questions
- HHS HIPAA Complaints - Detailed information on how to file a complaint with the HHS Office for Civil Rights about a HIPAA violation.
If you have questions about how HIPAA might or might not apply in your specific medical situation, you can maintain your privacy by asking your medical care provider or by searching the HHS Frequently Asked Questions.