The shift of medical records from paper to electronic formats has increased the potential for individuals to access, use, and disclose sensitive personal health data. Although protecting individual privacy is a long-standing tradition among health-care providers and public health practitioners in the United States, previous legal protections at the federal, tribal, state, and local levels were inconsistent and inadequate. The U.S. Department of Health and Human Services (DHHS) has addressed these concerns with new privacy standards that set a national minimum of basic protections, while balancing individual needs with those of society. Thus, HIPAA was created.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by the U.S. Congress in 1996. It was originally sponsored by Senator Edward Kennedy and Senator Nancy Kassebaum. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
The HIPAA Privacy Rule regulates the use and disclosure of certain information held by "covered entities" (generally, health care clearinghouses, employer-sponsored health plans, health insurers, and medical service providers that engage in certain transactions). It establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is individually identifiable health information that is transmitted or maintained in any form (e.g., electronic, paper, or oral), but excludes certain educational records and employment records. The definition is interpreted broadly and includes any part of an individual's medical record or payment history.
The Privacy Rule does not apply to all persons or entities that regularly use,...