Hipaa Summary

Congress intended HIPAA to protect individually identifiable health information. Any entity, including a physician's office, a hospital or other health care facility, or an insurer that deals with personal health information must follow strict rules about how to handle that information to avoid disclosing it to someone not authorized to see it. For example, Health and Human Services allows physicians and insurance companies to exchange individually identifiable health information to pay a health claim, but would not allow them to release it publicly. Penalties for violating the regulations include civil fines of up to $50,000 per violation, according to Health and Human Services.
According to Health and Human Services, the privacy rule also requires physicians, hospitals, insurers, and other health care entities to use and disclose only the minimum amount of information needed to complete the transaction or fulfill the request. As a practical matter, for example, that means a physician should not send a patient's entire medical file to an insurer if just one page from the record will suffice to answer the insurer's query
In addition to protecting patients' privacy, HIPAA also limits the ability of a new employer plan to exclude coverage for pre-existing conditions. This means a person who has health insurance coverage can change jobs -- and therefore health plans -- without worrying that a condition they already have, such as diabetes or asthma, would not be covered under the new health plan. This was not always the case, according to the U.S. Department of Labor. "In the past, some employers' group health plans limited, or even denied, coverage if a new employee had such a condition before enrolling in the plan. Under HIPAA, that is not allowed," the Department of Labor says. HIPAA also prohibits discrimination against employees and their family members based on health histories, previous claims, and genetic information, according to the Department of Labor.
Pros