Why did HIPAA begin?

Answer 1

HIPPA is the law written by OSHA that makes it illegal for your personal information to be given out to anyone else. The exception is that parents of underage children can get their child's information, and caregivers who have legal power of attorney can get the information of the incapacitated person. This law was written to prevent anyone from getting your private records. People who have access to your private information could steal your identity or use the information against you. One example from my pharmacy: before HIPPA, we had a husband who called and got a list of his wife's medications, and then used that information in a divorce case to try to prove she was mentally ill because she took antidepressant medicine. Cases like that are why the law was written. ------ HIPAA (Health Insurance Portability and Accountability Act of 1996, aka the Kennedy Kausebaum Act), was enacted in 1996 (ovbviously :} ), to make sure that people changing jobs could continue their insurance in a new job without loss of coverage or significant interruption. Later, Senators T. Kennedy and Kausebaum added the Administrative Simplification Section that, among other things: * Guarded "Protected Health Informationt (or PHI)" from illegal disclosure. * Allowed the patient (in most cases) to review their own medical record. * Allowed the patient to apply for corrections to the medical record. * Set criminal penalties in place for illegal disclosure of PHI. OSHA had no part in HIPAA -- still doesn't. The list of who can obtain PHI legally is actually quite long, but it;s a vast improvement over what existed (or didn't) before. Most Americans (when polled) thought there was a "Doctor/Patient Privilege", parallel to the "Attorney/Client Privilege", that protected whatever they told their doctor. At the Federal level, there was no such thing, and information could be freely and legally passed around. Now, for the most part, the patient has a lot more control. PHI can be shared without patient permisison by Covered Entities (CE's) who: * Are healthcare providers ("Providers), who are actively caring for the patient in question -- i.e for purposes of healthcare. * Limited PHI can be exchanged with Payers insurance companies and the like) in order to obtain payment. * Limited PHI can be exchanged in order to conduct CE Operations (database backup, audits, peer review, etc.) While other situations exist where PHI can be distributed, these are the main ones, at least conceptually. Anecdotally (but still documented), there was on straw-that-broke-the-camel's-back situation that caused HIPAA's AdminSimp section to be created. There was a small town with a hospital and a bank. The bank CEO was sort of a medical groupie and contributed a lot of money to the hospital. As a courtest, he was allowed to walk rounds with the doctors, attend M&M conferences, and was allowed free access to the patient record. And one day he got a splendid idea: He ran the list of all the cancer patients the hospital was servicing, and cross-referenced it with his list of mortgages he held. Then he foreclosed on the cancer patients who were short on funds, might now live long, and couldn't fight the foreclosure. He made a fortune. And at the time it was legal. The gentleman who wrote the first answer was wrong about OSHA, but was all too correct about scenarios like the one he so clearly described in his description of classic abuse of patient confidentiality. Reason enough to pass that bill? :}