National Partnership for Women & Families

HIPAA

The primary federal legal protections against inappropriate health information sharing are the Health Insurance Portability and Accountability Act (HIPAA) and its Privacy and Security rules. This set of laws provides a uniform federal floor, or minimum, of privacy protections. HIPAA applies to "covered entities," or organizations that fall into one of the following categories:

  • Health care providers, such as physicians, nurses, pharmacists and others who provide health care services;
  • Health insurance plans; and
  • Health care clearinghouses (companies that help process health information to facilitate the business aspects of health care).

The HIPAA Privacy Rule grants consumers the right to, among other things:

  • Have access their medical records;
  • Have their personal health information protected;
  • Request corrections to their records;
  • Be informed about how their health information is used; and
  • File complaints related to the use or disclosure of their health information.

    The HIPAA Security Rule, with protections that apply to electronic protected health information (ePHI), requires implementation of three types of safeguards: administrative, physical and technical. Covered entities must:

    • Ensure the confidentiality, integrity and availability of all ePHI;
    • Protect against any reasonably anticipated threats or hazards of ePHI;
    • Protect against any reasonably anticipated uses or disclosures of ePHI not permitted or required under the HIPAA Privacy Rule; and
    • Ensure their workforce complies with the HIPAA Security Rule.

    Even greater protection than that set out in HIPAA may be provided through state laws, which are not pre-empted by HIPAA. Nevertheless, these protections may not always be sufficient in an electronic environment, since new players in the health care arena may not be covered entities, and therefore not subject to HIPAA. These new players may include companies that offer new ways for individuals to store and share their health data (such as Microsoft , which offers personal health records (PHRs)), or data mining companies.

    • Related Resources

    Health Information Technology: The Foundation for Health Reform

    Health information technology (health IT) is a foundational component of a more patient-centered, effective and efficient health care system where women and their health care providers have access to the information they need anytime, anywhere. Read More

    Why the Affordable Care Act Matters for Women: Health Insurance Coverage for Lower- and Moderate-Income Pregnant Women

    Many women of childbearing age will gain access to affordable health insurance for the first time as a result of the Affordable Care Act (ACA). Thanks to the ACA, eligibility for Medicaid will be expanded and more affordable health insurance plans will be offered to individuals in state-based health insurance marketplaces. Read More

    Frequently Asked Questions: Health Insurance Coverage for Low- and Moderate-Income Pregnant Women

    The Affordable Care Act (ACA) expands the Medicaid program, making millions more Americans eligible for coverage. Additionally, in 2014 it will offer premium and cost-sharing assistance to eligible individuals who purchase private insurance in state marketplaces. Read More

    Visit the Research Library