Since 2001, the Health Insurance Portability and Privacy Act (HIPPA) has been in place to provide assurances that private health information would be protected and to offer standards for disclosing person health information. Despite accountability to federal standards, serious breaches still occur. What is surprising is how often such missteps take place despite such safeguards, and why.
HIPPA is characterized by the Department of Health and Human Services as follows:
“The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.”
The implication is that there are serious consequences for breaches in privacy that either intentionally or unintentionally discloses private health information without permission from the patient. And this is sometimes true, but not as true as we might expect. Major security breaches at national insurance carriers or healthcare centers are likely to make the national news reports, however, individuals who experience unauthorized disclosures of private health information are finding they have little recourse.