The Health Insurance Portability and Accountability Act (HIPAA) directs the federal government to create new regulations governing the privacy of health care information. On Dec. 28, 2000, the Department of Health and Human Services published in the final rule creating new federal privacy rights for personal health information.

In a nutshell, according to the Dept. of HHS, the new rule:

1. Requires health plans and providers to inform patients about how their information is being used and to whom it is disclosed. It also gives each individual patient a right to a "disclosure history," listing the entities that received information unrelated to treatment or payment.
2. Limits the release of private health information without consent.
3. Gives patients access to their own health file and the right to request amendments or corrections.
4. Restricts the amount of information used and disclosed to the "minimum necessary." Currently, health care providers and plans often release a patient's entire health record even if an employer or other entity only needs specific information, such as the information necessary to process a worker’s compensation claim.
5. Requires the establishment of privacy-conscious business practices. The regulation requires the establishment of internal procedures to protect the privacy of health records. They include: training employees about privacy considerations in the workplace; receiving complaints from patients on privacy issues; designating a "privacy officer" to assist patients with complaints; and ensuring that appropriate safeguards are in place for the protection of health information.
6. Creates new criminal and civil penalties for improper use or disclosure of information.

Find out more:

Dept. of Health and Human Services Privacy Rulemaking
HSS Office of Civil Rights Privacy Rulemaking Page
JHITA HIPPA Portal