Understanding the Health Insurance Portability and Accountability Act of 1996 (HIPAA)

by LegalFix
Posted: May 23, 2024

The Health Insurance Portability and Accountability Act (HIPAA) is one of the most important federal laws governing the US healthcare sector. It emphasizes patient privacy and the safeguarding of medical information. Today, we’ll examine the main aspects of HIPAA and its implications for patients and healthcare providers to help you understand your rights. 

What Information is Protected by HIPAA?

HIPAA chiefly protects protected health information (PHI): individually identifiable health information that is created, received, maintained, or transmitted by a covered entity or its business associate, in any form (electronic, paper, or oral). This can include medical records, billing information, health insurance details, and any other personal health data that can be tied to a specific person. 

Who is Required to Follow HIPAA Regulations?

Those required to adhere to HIPAA are categorized as "covered entities" and "business associates."

HIPAA defines three kinds of covered entities: healthcare providers who conduct certain transactions electronically (think doctors, hospitals, clinics, and nursing homes); health plans (including health insurance companies, HMOs, and employer-sponsored plans); and healthcare clearinghouses, which are organizations that process healthcare transactions electronically. 

A business associate is an individual or entity (other than a member of the covered entity's workforce) that performs functions, activities, or services for, or on behalf of, a covered entity involving the use or disclosure of PHI. This can include third-party administrators, billing companies, or even cloud storage providers that handle PHI, as well as subcontractors of those business associates. 

Entities that don't fall into these categories are not directly bound by HIPAA, although contracts with covered entities and business associates may impose similar obligations on them indirectly. 

How is the Information Protected?

HIPAA requires covered entities and business associates to:

  • Implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic PHI (ePHI).

  • Train employees about HIPAA regulations and the entity's own privacy and security policies.

  • Establish a contingency plan (data backup, disaster recovery, and emergency-mode operation) so that ePHI stays available during system failures or emergencies, along with procedures for responding to security incidents and breaches.

  • Restrict access to PHI to only those employees who need it to do their jobs (the "minimum necessary" standard).

  • Assign unique user IDs, manage passwords, and establish other access controls.

  • Regularly review records of system activity, such as audit logs, access reports, and security-incident tracking reports.
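The last three safeguards above (need-to-know access, per-user identification, and periodic review of activity records) are easier to picture with a concrete mechanism. The following is an added example written for this article, not code from HIPAA, any regulator, or any product: it gates access to patient records on the user's role and whether the user is on the patient's care team, writes every attempt to an audit log, and then runs a simple review over that log. The roles, the care-team relationship, the record types, the log format, the sample events, and the review thresholds are all assumptions made for the illustration.

```python
"""Added illustration of a 'minimum necessary' PHI access gate with an audit trail.

Everything here (roles, care teams, record types, thresholds, sample events) is
constructed for the example and is not any organization's real policy or data.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed roles: clinicians may read clinical records of their own patients;
# billing staff only ever need billing data, never the clinical record.
CLINICAL_ROLES = {"physician", "nurse"}
BILLING_ROLES = {"billing"}


@dataclass
class AuditEntry:
    when: datetime
    user: str          # unique user ID, never a shared account
    role: str
    patient_id: str
    record_type: str   # "clinical" or "billing"
    allowed: bool
    reason: str


@dataclass
class PHIStore:
    # patient_id -> set of user IDs on that patient's care team (assumption)
    care_teams: dict[str, set[str]]
    audit_log: list[AuditEntry] = field(default_factory=list)

    def access(self, user, role, patient_id, record_type, now=None):
        """Decide the request and record it, whether or not it was allowed."""
        now = now or datetime.now(timezone.utc)
        allowed, reason = self._decide(user, role, patient_id, record_type)
        self.audit_log.append(
            AuditEntry(now, user, role, patient_id, record_type, allowed, reason))
        return allowed

    def _decide(self, user, role, patient_id, record_type):
        if record_type == "billing":
            if role in BILLING_ROLES or role in CLINICAL_ROLES:
                return True, "billing data permitted for role"
            return False, "role has no billing need"
        if record_type == "clinical":
            if role not in CLINICAL_ROLES:
                return False, "role has no clinical need"
            if user not in self.care_teams.get(patient_id, set()):
                return False, "user not on patient's care team"
            return True, "care-team member"
        return False, "unknown record type"


def review_audit_log(entries, denial_threshold=2, breadth_threshold=3):
    """Periodic activity review: flag users with repeated denials (probing for
    records they cannot see) and users who opened many distinct patients'
    clinical records (worth a look for snooping). Thresholds are assumptions."""
    denials = Counter(e.user for e in entries if not e.allowed)
    patients_by_user = defaultdict(set)
    for e in entries:
        if e.allowed and e.record_type == "clinical":
            patients_by_user[e.user].add(e.patient_id)
    findings = []
    for user, n in denials.items():
        if n >= denial_threshold:
            findings.append((user, f"{n} denied PHI access attempts"))
    for user, patients in patients_by_user.items():
        if len(patients) >= breadth_threshold:
            findings.append((user, f"opened clinical records of {len(patients)} patients"))
    return sorted(findings)


def demo():
    """Run a constructed day of access attempts and return (audit_log, findings)."""
    store = PHIStore(care_teams={"P1": {"dr_lee"},
                                 "P2": {"dr_lee", "rn_cho"},
                                 "P3": {"rn_cho"}})
    t = datetime(2024, 5, 23, 9, 0, tzinfo=timezone.utc)  # fixed for reproducibility
    events = [  # (user, role, patient, record_type) -- constructed sample input
        ("dr_lee", "physician", "P1", "clinical"),
        ("dr_lee", "physician", "P2", "clinical"),
        ("dr_lee", "physician", "P3", "clinical"),   # not on P3's care team
        ("rn_cho", "nurse", "P3", "clinical"),
        ("bill_ann", "billing", "P1", "billing"),
        ("bill_ann", "billing", "P1", "clinical"),   # billing has no clinical need
        ("bill_ann", "billing", "P2", "clinical"),   # second probe by the same user
        ("rn_cho", "nurse", "P1", "clinical"),       # not on P1's care team
        ("rn_cho", "nurse", "P2", "clinical"),
    ]
    for user, role, patient, record_type in events:
        store.access(user, role, patient, record_type, now=t)
    return store.audit_log, review_audit_log(store.audit_log)


if __name__ == "__main__":
    log, findings = demo()
    for e in log:
        print(e.when.isoformat(), e.user, e.patient_id, e.record_type,
              "ALLOW" if e.allowed else "DENY", e.reason)
    print("review findings:", findings)
```

Two design points carry over to real systems: denied attempts are logged just like successful ones, because repeated denials are exactly what a reviewer wants to see, and the review is a function over the log rather than something done by eye, so it can be scheduled and its thresholds tuned.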

Non-Protected Information

Records held by employers, like sick leave or employment medical records, are not protected by the Act. Education and certain other records are covered by the Family Educational Rights and Privacy Act (FERPA) rather than HIPAA.

Likewise, treatment records of students who are 18 or older or who attend a post-secondary educational institution may not be protected. This is the case if the records are made or maintained by a physician, psychologist, or other recognized professional in connection with treating the student and are disclosed only to others providing that treatment. 

Rights under the Privacy Rule

The Privacy Rule of HIPAA ensures individuals have rights over their health information, including:

  • Right to access and get copies of their health records.

  • Right to have corrections added to their health information.

  • Right to get a notice that tells them how their health information may be used and shared.

  • Right to decide if they want to give their permission before their information can be used or shared for certain purposes.

  • Right to get a report (an "accounting of disclosures") of when, to whom, and why their health information was shared for purposes other than treatment, payment, or healthcare operations.

The Importance of Affordable Access to Legal Expertise

The intricacies of HIPAA, along with other healthcare laws, highlight the significance of having affordable access to an attorney well-versed in such laws and regulations. Attorneys can provide invaluable guidance in navigating potential pitfalls, ensuring compliance, and handling breaches or violations. By consulting with legal experts, both patients and healthcare entities can better understand their rights and responsibilities and ensure that health information is treated with the utmost care and respect.

Know Your Rights with LegalFix

HIPAA has been foundational in upholding the privacy and security of health information. As the healthcare landscape continues to evolve, understanding and staying compliant with such laws and regulations is important to your mental and physical health.

Whether you want to know about HIPAA protections and healthcare law or just want a better understanding of how our legal system works, LegalFix is your go-to source for free legal information. You can find helpful articles and state-specific explanations of nearly 1,600 legal topics—and browse the state and federal statutes to better understand the laws that affect you. Just visit to find all this content—and check back often for more valuable legal products and services coming soon.