HIPAA stands for the Health Insurance Portability and Accountability Act. Enacted in 1996 under President Clinton, HIPAA has a privacy section that regulates the use and disclosure of patient health information, including health status, health insurance and health-related payments. Entities covered by HIPAA cannot disclose patient information except for certain reasons and only under certain conditions.

What Entities Are Covered By the HIPAA?

The HIPAA applies to the following entities:

  • Health insurers
  • Medical service providers
  • Employer-sponsored plans
  • Health care facilities
  • Any independent contractors employed by the entities listed.

What Reasons Would Allow Entities to Disclose Information?

Entities covered by the HIPAA can disclose information for the following reasons:

  • Upon the request of the patient, within 30 days
  • If required by the law, such as for suspected child abuse
  • If necessary to facilitate the treatment or the payment of treatment on behalf of the patient

Covered entities cannot disclose information for any other reason without the prior written consent of the patient.

What Is the Penalty for Violating the Privacy Regulations of HIPAA?

An entity that violates the privacy requirements of HIPAA is subject to criminal and civil penalties, including: 

  • Civil monetary penalties of up to $100 per violation, up to $25,000 per year for each violation
  • Criminal penalties ranging as high as $250,000 and 10 years in prison if the violation was committed with intent to use the private medical information for commercial gain and/or malicious harm

What Can I Do if My Privacy Rights under HIPAA Have Been Violated?

If you believe that an entity has inappropriately used or disclosed your private health information, you may file a direct complaint with the United States Department of Health and Human Services’ Office for Civil Rights (OCR). The OCR will investigate the matter and impose civil penalties if appropriate. Criminal violations of the law will be referred to the U.S. Department of Justice. 

Do I Need a Lawyer Experienced with HIPAA Laws?

The HIPAA laws can be quite complicated, and violating a patient’s privacy rights under HIPAA can bring serious criminal charges and civil damages. An attorney can explain the law to you and ensure that you are in compliance with HIPAA’s privacy requirements.

If you feel your rights have been violated under HIPAA, you may want to consult a personal injury attorney. Your attorney can advise you of your rights, help you file a complaint against the specific agency that violated your privacy through illegal use of your records, and let you know if you may be entitled to any remedies.