HIPPA is an acronym for a broad body of federal law, the full name of which is the Health Insurance Portability and Accountability Act, passed in 1996. The Act establishes national standards to protect your health care as well as the privacy of your health information. The federal law applies in all states.
Some instances of HIPPA include:
- The mass of papers that you have to sign when starting out with a new doctor.
- Seeing a sign at the check-in desk at a doctor’s office stating “Only one person at the counter, please.”
- HIPPA forms that you are asked to sign upon admission to a hospital or other health care facility.
- HIPPA disclosures that are periodically sent to you by your insurance company.
Like many laws, HIPPA covers many topics. Some of them are not directly connected with each other, but some have common threads. One of the threads ties together health insurance, the delivery of health care services, and the confidentiality and sharing of personal medical information. HIPPA does not yet apply to life insurance, long-term care insurance, or various other kinds of insurance that implicate a person’s health, but in the future, it may.
HIPPA’s Privacy Provisions
One of the main purposes of HIPPA is to guard the privacy, dissemination, and to notify patients of when and how “individually identifiable health information” can be used. The law defines that kind of information as:
…information, including demographic data, that relates to:
- The individual’s past, present or future physical or mental health or condition.
- The provision of health care to the individual, or
- The past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g. name, address, birth date, Social Security Number).
To Whom Does HIPPA Apply?
Put simply, HIPPA applies to “covered entities.” The statute defines them as:
- A healthcare provider (physician, hospital, etc.)
- A health plan (health insurance company, HMO, PPO, or some other kind of healthcare payor
- A health care clearinghouse
A health care clearinghouse is an entity that acts as a middleman between a healthcare provider and another entity that needs the information of a healthcare provider. The other entity could be an insurance company that has to pay the provider. In that case, the clearinghouse translates the information from the provider into a form that the insurance company can understand to evaluate and pay or deny the claim. As an aside, clearinghouses became necessary in part due to the development of standardized coding for many medical procedures. By handling the information, the clearinghouse can obtain knowledge of the protected medical information and is therefore considered a “covered entity” under HIPPA.
What’s the Point?
In part, HIPPA is intended to notify you, the recipient of health care services, of the fact that individually identifiable health information can and will be made more “public” than you might think. The need to share the information between and among various entities has arisen with the growth and the intersection of the medical and the insurance industries. Not only does HIPPA serve the purpose of notifying patients about the use of the information, but it places limits on the unauthorized use and spread of the information by people and entities that it covers.
There is much more to HIPPA than this article covers. We hope that it will help you in making better sense of the plethora of papers that you get, should read, and may be asked to sign, from your insurance company, HMO, PPO and health care providers.
(This article was updated January, 2024 since it originally published in June, 2016.)
