Frequently Asked Questions About Privacy
|
HIPAA is an acronym for the Health Insurance Portability
and Accountability Act of 1996. Portability refers to the section that
provides for the waiver of pre-existing conditions when persons who
are covered under a group policy with their current employer move to
a new employer. HIPAA portability provisions limit the ability of group
health plans to exclude coverage of pre-existing conditions and prohibit
the exclusion of individuals from coverage based on health status.
As a part of the legislation, Congress incorporated
a section called “Administrative Simplification”. This section of the
law includes:
- Standardization of electronic formats for transmission of nine
transactions including claims, eligibility, referral certification
and authorization, claim status, enrollment, claim payment and remittance
advice, and premium payments.
- Security of electronic health information and electronic signatures.
- Privacy of member's identifiable information.
|
What is the difference between privacy and security of member information?
Security is defined as the ability to control access
and protect information from accidental or intentional disclosures to
unauthorized persons and from alteration, destruction, or loss. Security
is typically accomplished through some kind of technical controls. Privacy
is defined as controlling who is authorized to access member information
and under what circumstances member information may be accessed, used,
and/or disclosed to third parties.
|
Who is covered by the HIPAA Privacy and Security Rules?
Health care providers that transmit claims electronically,
health plans, and health care clearinghouses.
|
Is all member information protected?
With a couple of exceptions, protected health information
(PHI) includes all individually identifiable health information that
is transmitted or maintained in any form or medium. Broadly defined,
PHI is any member information, including demographic information, that
ties the identity of the individual to their health record. Examples
are names, addresses, all date elements (except year) related to the
individual, telephone numbers, fax numbers, e-mail addresses, license
numbers, etc. If it can possibly be used to identify an individual,
the element is considered protected.
|
What is the Privacy Rule?
The Privacy Rule creates national standards to protect
individuals' medical records and other personal health information.
Specifically, it:
- Gives members more control over their health information.
- Sets boundaries on the use and release of health information.
- Establishes appropriate safeguards that health care providers
and others must achieve to protect the privacy of health information.
- Holds violators accountable with civil and criminal penalties
that can be imposed if they violate members' privacy rights, and
- Strikes a balance when public responsibility requires disclosure
of some forms of data - for example, to protect public health.
For members, it:
- Enables members to find out how their information may be used
and what disclosures of their information have been made. In most
cases, it requires specific member consent or authorization to use
or disclose their protected health information.
- Generally limits release of information to the minimum reasonably
needed for the purpose of disclosure, and
- Gives members the right to examine and obtain a copy of their
own health records and request corrections.
|
Can an individual sue if his or her privacy is violated?
No. HIPAA does not create a federal right to sue for
violations of the Act. Individual complaints are filed with the Office
of Civil Rights (OCR). It is this federal agency that will investigate
claims that member protections have been violated.
|