HIPAA

Health Insurance Portability and Accountability Act

HIPAA is the acronym for the Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) whenever it is transferred, received, handled, or shared. This applies to every form of PHI, whether paper, oral, or electronic. HIPAA requires the protection and confidential handling of protected health information, including patient health information, demographic information, physical or mental health, health care payment provisions, and client identity. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes. Failure to comply with HIPAA can result in civil and criminal penalties (42 USC § 1320d-5).

Scenarios of HIPAA violations:

  • Telling friends or relatives about clients who are under your care
  • Discussing private health information in public areas
  • Discussing private health information over the phone in a public area
  • Not logging off your computer or a computer system that contains private health information
  • Including private health information in an unsecured text or email