« It's not too late to choose the right Medicare Part D plan | Main | Tip of the day: Layer up for a cold-weather workout »

December 29, 2008

| More

Buzzword: HIPAA

BuzzwordWhat does it mean? HIPAA refers to the Health Insurance Portability and Accountability Act, a sweeping law passed by Congress in 1996 to help protect workers and their families when they change or lose their jobs. Perhaps the most significant part of HIPAA for consumers is that it makes health records private, setting up a minimum  federal standard of protection for individuals. Stronger privacy protective state laws still remain in effect. States are also free to enact stronger protections in the future.

Why the buzz? Most consumers don't know much about HIPAA beyond the privacy policy notification forms they routinely sign when they see a health-care provider for the first time. Under HIPAA, individually identifiable health information generally cannot be used or shared without your written permission. For example, your provider generally cannot give your health information to your employer, share your information for marketing or advertising purposes, or share private notes about your mental-health counseling sessions. That said, the HIPPA privacy rule does not impose disclosure restrictions on the exchange of your medical files for the purposes of treatment, payment, or other health-care operations.

HIPAA is also somewhat of a toothless tiger in terms of enforcement–at least so far. Although the statute establishes civil and criminal penalties for violations, consumers have no right to sue under HIPAA for violations of privacy. Only the U.S. Department of Health and Human Services or the U.S. Department of Justice has the authority to file an action for violation of HIPAA's privacy rules. Consumers can do little more than file a complaint with HHS, and even when they do there is little chance the agency will take any sort of legal action. Indeed, the agency only recently took its first legal action under HIPAA against a health-care provider, imposing a $100,000 penalty on Providence Health and Services of Seattle. HHS has received more than 40,000 complaints since HIPAA went into effect more than five years ago.

For more information:
Health Privacy Project: Myths and Facts about HIPAA

U.S. Department of Health and Human Services

U.S. Department of Health and Human Services State Law Factsheets

Wikipedia on HIPAA

—Bob Williams, strategic resource director, Consumers Union

Print This Page
Posted at 10:25:41 AM in Doctors & services | Insurance | Prescription drugs

Comments

Post a comment

All comments are reviewed by our moderators, and will not appear on this blog unless they have been approved. Comments that do not relate directly to the blog entry's contents, are commercial in nature, contain objectionable or inappropriate material, or otherwise violate our User Agreement or Privacy Policy, will not be approved. Approved posts generally appear within 24 hours of receipt. For general inquiries not related to this blog, please contact Customer Service.

If you have a TypeKey or TypePad account, please Sign In

RSS Feed

Recent Posts

Categories

Consumer Reports Health Blog Archives

-    November 2009
-    October 2009
-    September 2009
-    August 2009
»    View All

Blogs We Like

More Consumer Reports Blogs

 
We create unbiased health ratings to help you make informed decisions. Learn more
FREE Newsletter
Sign up for our FREE updates delivered by e-mail.
Copyright © 2005-2009 Consumers Union of U.S., Inc. No reproduction, in whole or in part, without written permission.