Health privacy law has changed the medical industry |

Health privacy law has changed the medical industry

Rohn Robbins
Vail, CO, Colorado

The world of medical insurance and privacy changed dramatically with the Heath Insurance Portability and Accountability Act of 1996, also known as “HIPPA.”

Part of the law protects health insurance coverage for workers and their families when the worker either changes or loses his or her job. It also regulates the breadth and availability of group and individual health insurance plans. It also limits the restrictions that a group health plan can place on benefits for a preexisting condition.

Title II of the law, known as the Administrative Simplification provisions, directs the Department of Health and Human Services to publish rules ensuring standardization of patient health, administrative and financial data; to set up standards for individuals, employers, health plans and health care providers; and to establish standards protecting the confidentiality and integrity of “individually identifiable health information,” past, present and future.

This part of the law defines various offenses relating to health care and imposes civil and criminal penalties for their violation. It also creates a set of programs to control fraud and other abuses in the health care system.

Chief among these regulations is the “Privacy Rule,” which took effect in 2003.The rule protects individual health care records from disclosure in any form which would tie those records to a particular individual. It thus protects “individually identifiable health information.”

Participate in The Longevity Project

The Longevity Project is an annual campaign to help educate readers about what it takes to live a long, fulfilling life in our valley. This year Kevin shares his story of hope and celebration of life with his presentation Cracked, Not Broken as we explore the critical and relevant topic of mental health.

A covered entity ” which includes health plans, health plan clearing houses and billing services and health care providers ” may disclose information under limited circumstances: to facilitate treatment, payment or health care operations.

Information can also be released with the consent of the patient. Even when properly disclosing such information, only the minimum information necessary can be released.

The Privacy Rule also gives individuals the right to demand that a covered entity correct any inaccurate information which may be contained within the individual’s record. The rule further requires that a covered entity respect the confidentiality of communications with the individual ” for example, contacting the individual only at his work telephone number rather than his home or vice versa.

Individuals must be notified in each instance when their information is released by a covered entity. Since the preservation of an individual’s information is considered under the legislation as a fundamental civil right ” that is, the right to privacy ” an individual who believes that their information is not be properly protected may file a complaint with the Department of Health and Human Services Office for Civil Rights.

Among the other rules established under the law is the Security Rule, which deals with Electronic Protected Health Information and outlines security safeguards for compliance in the areas of administrative, physical and technical information.

Another of the rules codified under Title II of HIPAA is the Unique Identifiers Rule. This rule provides that covered entities using electronic communications must use a National Provider Identifier to identify them in standard health care transactions.

Perhaps the most draconian of this law’s rules is the Transaction and Code Set Rules, which create a complex set of forms to be used in a variety of health care transactions.

All these rules have brought major changes to the ways physicians and medical centers operate. The complex penalties and potential fines for noncompliance with the law’s various requirements ” to say nothing of the increased paperwork, costs and headaches of its implementation ” have had far-reaching effects and have caused both grumbling and concern.

While there are certainly bugs to be worked out, the goals and intent of the medical privacy law are laudatory, particularly in an age of accelerating and ubiquitous electronic communication. In essence, the is intended to provide for security and privacy in health care matters and to encourage the secure and widespread use of electronic data exchange in the U.S. health care system. It raises privacy in our health care matters to a fundamental civil right and is meant to protect error, abuse and health care discrimination.

For better or for worse, it seems that the Heath Insurance Portability and Accountability Act will be with us into the foreseeable future. Presumably, as the wrinkles get ironed out, even the health care providers most affected will see the wisdom in anticipating the potential abuses our increasingly digitized world might otherwise engender.

Rohn K. Robbins is an attorney licensed before the Bars of Colorado and California who practices in the Vail Valley. He is a member of the Colorado State Bar Association Legal Ethics Committee and is a former adjunct professor of law. He may be heard on Wednesday nights at 7 p.m. on KZYR radio (97.7 FM) as host of “Community Focus.” Robbins may be reached at 970-926.4461 or by e-mail at

Support Local Journalism