Who Must Obey HIPAA Regulations?

HIPAA applies to nearly all health-care providers, but especially those who keep much of their information online. This includes most doctors, nurse practitioners, psychologists, dentists and chiropractors. Hospitals, clinics, nursing homes and other health-care facilities are also bound by HIPAA to protect patient privacy.
Who is Exempt?

Not all individual medical information is housed with health-care providers. Other people and organizations, including employers, life insurers, workers' compensation carriers, schools, health and human services agencies and law enforcement agencies, also hold individual medical information. Many of these agencies are exempt from HIPAA.
In some cases, these HIPAA exemptions allow agencies and organizations to share information about medical procedures or conditions without revealing the individual's name. For example, school officials may notify parents when a student infected with a contagious disease such as H1N1 has come in contact with other students, without revealing the name of the infected student.
In other cases, these exemptions allow agencies to reveal both medical and identifying information to other agencies or individuals, such as when hospital personnel report cases of suspected child abuse or gunshot wounds.
How Confidential is My Information?

HIPAA covers most of the information shared with or discovered by health-care providers during office visits and procedures. Personal information disclosed during registration, such as your address, phone number and other billing information, is private. Conversations with your doctor, nurse or other provider about your condition or procedure are considered confidential under HIPAA. Conversations among your providers in public areas, such as hallways or elevators, must not identify you or your condition in a way that could disclose who you are.
The office or hospital visit and any procedures performed must be done in a way that protects both your identity and your medical information from those who are not involved in your care, meaning that employees cannot disclose information about your visit or procedure without your consent.
Your medical records are restricted to those who need to see them to provide treatment or insurance information. No one who is not involved in your treatment is allowed by HIPAA to have access to these records without your permission.

The Health Insurance Portability and Accountability Act of 1996, better known as HIPAA, was enacted in recognition of the increasing use of electronic record keeping, which can leave the personal and medical information of those who visit clinics, hospitals and other health facilities vulnerable. Congress mandated privacy protections that encompass both medical records and medical care and procedures.