The Health Insurance Portability and Accountability Act, or HIPAA, was put into federal law in 1996 to amend the Internal Revenue Code of 1986. The act is often referred to as a privacy rule that provides federal protections for personal health information. The act allows certain disclosures of information by medical personnel when it is imperative to the care of the patient.
HIPAA entities must comply with the request of an individual to view his own health information file, or medical record, and obtain copies of those records.
Patients should receive a notice explaining how their health information and records could be used. Reports should be distributed if your health information was shared for lawful purposes.
Safeguards and procedures protecting health information, and limiting access to those records, must be put in place and acted upon by any entity covered under HIPAA.
Violations of HIPAA can be reported three ways. You could file a complaint with your health insurance, care provider, or with the U.S. government.
Not all entities are required to follow the act. Many schools, state agencies, law enforcement agencies, municipal offices, employers, life insurers, and workers compensation carriers are not mandated by HIPAA.