Law 101: The HIPAA Privacy Rule, Part 1
Quiz: The HIPAA Privacy Rule which protects the privacy of patients' medical and health records does NOT apply to:
d) Health insurance plans
e) It applies to all the above
There are few things as well known yet as poorly understood as The Health Insurance Portability and Accountability Act, commonly known as “HIPAA.” The portion that is most relevant to both practitioners and patients is HIPAA's privacy rule establishing national standards to protect medical records and other personal health information. As a general rule, it prohibits release of a person's medical records without the person's written consent, and it creates penalties for the unauthorized release of such records by health care providers and medical plans.
Who Does HIPAA Apply To?
The privacy rule applies to most hospitals, many health care providers (including doctors, clinics, psychologists, dentists, chiropractors, nursing homes and pharmacies), health care clearinghouses, and health plans, including many government health programs such as Medicare, Medicaid, and the Veterans Health Administration. These are referred to as “covered entities” by the Centers for Medicare & Medicaid Services (CMS). Determining who is a covered entity is so complicated that CMS has online guidance in the form of Covered Entity Charts available online.
It is important to note that HIPAA only applies to a specific list of medical professionals and entities, and does not apply to reporters, media, or others (although they could potentially be sued for other reasons for disclosing such information). HIPAA, and its enforcement, is limited only to the covered entities described by CMS.