Portland Personal Injury Attorney

Back in 1996 Congress endorsed, and President Bill Clinton signed into law, the Health Insurance Portability and Accountability Act, or HIPAA. HIPAA's purpose was to improve the efficiency and effectiveness of the American health care system through simplification. Part of this simplification process standardized the exchange of electronic data for administrative and financial transactions; this includes billing, claims, computer systems and communications. In addition to this simplification process, the privacy of personal health records was addressed. And in 2002, these regulations were expanded to provide individuals the right to their medical records as well as offering some protection for certain health information.

In its entirety, HIPAA encompasses five titles or sections. This article is mainly concerned with the second section, or Title II. Title II's purpose was to nationalize the American healthcare system by providing certain uniform standards. These standards were intended to simplify the electronic transactions between healthcare providers and payers. However, in response to HIPAA the Department of Health and Human Services (HHS) published the Standards for Privacy of Individually Identifiable Health Information, also known as the Privacy Rule.

Generally, the Privacy Rule does three main things:

1) Defines and limits how and when an individual's protected health information may be used or disclosed,

2) Ensures that patients have access to their own medical records, and

3) Adds new responsibilities to those charged with protecting this information.

More information can be found at the U.S. Department of Health and Human Services web page located at:

The Privacy Rule defines and protects all "individually identifiable health information" held or transmitted by covered entities and business associates, in any form or media, whether electronic, paper or oral. The Privacy Rule calls such information protected health information (or PHI). Covered entities include healthcare providers and their employees, medical insurance providers, and healthcare clearing houses. PHI covers common identifiers such as name, address, birthdate, and Social Security Numbers. The Privacy Rule also encompasses an individual's past, present, and future health condition, whether physical or mental, and limits the kind of information that can be released, including billing and payments, without express authorization.

In addition to protecting your personal health information, the Privacy Rule also allows individuals to request a copy of their medical record and other health information. You may be required to pay for printing and mailing costs. While going over your records, if you feel that there has been an error or if a file is incomplete, under the rule you may request that that record be corrected or amended. Lastly, the Privacy Rule allows individuals to file complaints with their healthcare provider or insurer if they feel that their personal health information was improperly used or their access to their information was unjustly restricted. Toward that aim, you are allowed to request from your healthcare provider a free report once a year, regarding how and to whom your personal health information was disclosed.

It should be noted that though the Privacy Rule provides protections for an individual's PHI, it was not intended to hinder the treatment of, or payment for, Health Care Operations. As such, healthcare providers are permitted to disclose an individual's PHI without authorization in some circumstances for these same reasons. The Privacy Rule only requires that health care providers make reasonable efforts to limit the amount of protected health information that is disclosed.

A list of Frequently Asked Questions can be found on the following website:

Alternatively, you could consult the U.S. Department of Health and Human Services' database located in the following link:
