What Are HIPAA Regulations?

The U.S. Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996 to ensure the safety of our personal health information and protect our rights. The government later added provisions to prevent advances in electronic technology from eroding the privacy of personal health information.


The U.S. Department of Health and Human Services (HHS) established the Privacy Rule in December 2000 (later modified August 2002). The rule protects patients' health records and any other health information. It gives patients control over their medical information and sets limits on who can view or receive this information. The rule applies to written, oral and electronic health information.


In February 2003, the HHS established the Security Rule to safeguard the integrity, confidentiality and availability of health information that is stored electronically. The rule requires that the appropriate safeguards be in place to ensure electronic information is protected.

Covered Entities

Health plans, including HMOs, company health plans and health insurance carriers, must follow HIPAA regulations. Doctors, hospitals, clinics, pharmacies, dentists and nursing homes must also abide by HIPAA. Medicare and Medicaid are bound by HIPAA regulations, as are clearinghouses that electronically store health information received from another entity.

Excluded Entities

Life insurers, law enforcement agencies, state agencies such as Child Protective Services, school districts, many municipal offices and workers' compensation carriers are not bound by HIPAA regulations.

Protected Information

HIPAA regulations protect information contained in your medical record regarding discussions with other doctors about your care and treatment, health insurance information, billing information and any other information held by other entities. HIPAA requires that use and disclosure of health information be limited to only what is necessary to accomplish a treatment objective. Covered entities must have written agreements with contractors and others to ensure health information is properly disclosed and safeguarded. Limits must be placed on who can view and access patient information, and employees must be trained on how to protect health information.

Patient Rights

You may request a copy of your medical records and request revisions or corrections. You also may request a report of when and why your information was shared and for what purpose. Covered entities must abide by your wishes if you request that your health information not be used or shared for purposes such as marketing. You can file a complaint with your health provider or insurer or the U.S. government if you feel your health information is being compromised or your rights are denied under HIPAA.