Each time a patient sees a doctor, is admitted to a hospital, goes to a pharmacist, or sends a claim to a health plan, a record is made of their confidential health information. In the past, family doctors and other health care providers protected the confidentiality of those records by sealing them away in file cabinets and refusing to reveal them to anyone else. Today, the use and disclosure of this information is protected by a patchwork of state laws, leaving gaps in the protection of patients' privacy and confidentiality.
“Congress recognized the need for national patient record privacy standards in 1996 when they enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The law included provisions designed to save money for health care businesses by encouraging electronic transactions, but it also required new safeguards to protect the security and confidentiality of that information.” (Pabrai, 2003) The law gave Congress until August 21, 1999 to pass comprehensive health privacy legislation. When Congress did not enact such legislation after three years, the law required the Department of Health and Human Services (HHS) to craft such protections by regulation.
There are three parts to HIPAA: Privacy, Code Sets, and Security. In addition, Security is broken down into four parts: Administrative Procedures, Physical Safeguards, Technical Security Services (covering data at rest, within the local area network), and Technical Security Mechanisms (covering data in transmission, over any type of communications network).
The Privacy Rule
“The HIPAA Privacy Standards require physicians to protect the privacy of patients' medical information. Physicians are required to control the ways in which they use and disclose patients' protected health information. In addition, physicians are required to offer patients certain rights with respect to their information, such as the right to access and copying, the right to request amendments, and the right to request an accounting.” (Beaver, 2004)............................
