HIPAA, or the Health Insurance Portability and Accountability Act, is designed to ensure the privacy of patient medical records. It states exactly what information is covered and who is eligible to view this information. Information entered by physicians and nurses into a medical chart is covered by HIPAA, as are conversations between a patient and a physician and any information about a patient that is on an office computer system.
The rights a patient has under HIPAA include being able to view his own medical records, granting permission for personal information to be shared and asking that errors in his medical records be corrected.
Groups that must follow HIPAA regulations include most health care providers, insurance companies and outside businesses, such as medical billing and transcription companies. Groups and organizations that are not required to follow HIPAA rules include police departments, employers, schools and certain state agencies, such as child protection services.
Groups that must follow HIPAA guidelines must have appropriate training for all staff. Access to private information must be limited only to authorized personnel, and a plan of action must be in place in case private information is seen by unauthorized persons. A backup plan to relocate all medical information in the event of a natural disaster or other emergency must also be in place.
HIPAA was passed by Congress in 1996. Other functions of HIPAA include protecting health insurance coverage for workers who lose or change jobs and creating national standards for electronic medical-record keeping.