The HIPAA privacy laws for employees allow patients to keep the majority of their personal information private, according to the Texas Workforce Commission. The rules were introduced by the U.S. Department of Health and Human Services.
The HIPAA privacy rule was created to protect identifiable health information from being disclosed to people who don't have permission to access it, states the Texas Workforce Commission. This includes information like doctor's visits, prescriptions and health care claim statuses. It also keeps information like health care payments, first reports of injuries, eligibility for health plans and health claim attachments private. The rule applies to health care providers and similar organizations, such as insurance companies, that could identify personal information.
Health care organizations must have procedures to enforce this rule, notes the Texas Workforce Commission. They must have all employees sign agreements that promise to keep information confidential, and each company must have a privacy officer. Civil penalties for breaking this law are typically $100 for each violation, though violations are sometimes stacked. The maximum is $25,000 a year for a single person violating a single standard. Criminal penalties for violating health privacy can be up to $250,000 and up to 10 years in prison.