What is HIPAA?


The Health Insurance Portability and Accountability Act of 1996, known as HIPAA, is a privacy law that protects individuals’ medical information in some circumstances. There is a lot of misinformation surrounding HIPAA, and many people believe that any information related to their medical status shared with anyone would be protected. That is not the case in most instances. First, HIPAA only applies to select covered entities including healthcare providers, health plans, healthcare clearinghouses, and business associates. A health plan includes most insurers, including employer-sponsored group health plans. A healthcare clearinghouse is an entity that processes health information. A business associate is a person or organization that uses health information to perform services for a covered entity; a billing agent is one example. This means that, for most people, their employer is not covered by HIPAA.


Second, even covered entities may disclose personal health information in a number of circumstances without violating HIPAA. Those instances include disclosure to the individual, for treatment, payment and healthcare operations, and for the public interest.


Finally, even if there is an instance where one of the covered entities does share information that is in fact protected by HIPAA, there is no private right of action to file a lawsuit, meaning no lawsuits can be filed for a HIPAA violation. The Federal Department of Health and Human Services does maintain a process for filing a complaint, however.


All of this is to say that HIPAA is not the magic wand for privacy in your medical records and status that many people think it is, especially as it relates to employment. Other laws may protect employees’ medical information, but for the most part HIPAA is not one of them.