Health Insurance Portability & Accountability Act (HIPAA)

The HIPAA privacy regulations require that covered entities limit the use and disclosure of protected health information to those times explicitly permitted by the regulation or after an authorization has been received by the individual.  The regulation allows the use and disclosure of protected health information for treatment, payment or health care operations without an authorization.  Additionally, member consent is not required for public health, national security, or law enforcement requirements, as well as, state oversight functions.  The regulation also gives individuals certain rights such as the right to access and request amendments to protected health information, as well as the right to receive information on how their protected health information was used and disclosed.