the particulars of hipaa

Congress passed the Health Insurance Portability and Accountability Act on Aug. 21, 1996, setting in motion efforts by the federal government to craft rules designed to protect the medical privacy of patients. The act eventually spurred the Department of Health and Human Services to offer the first federal medical privacy regulations called the Standards for Privacy of Individually Identifiable Health Information or simply the Privacy Rule, issued in draft on Oct. 29, 1999.

• Goals: The rules are designed to give patients more control over their health information and limits the use and release of health records to third parties. Generally, the Privacy Rule establishes a federal requirement that most doctors, hospitals and other health care providers obtain a patient's written consent before using or disclosing the patient's personal health information. The rules restrict the use of such records for marketing and research purposes.

• Affected records and information: HHS officials explain that the rules apply to any health-related records or communications -- oral, written, electronic or otherwise -- that contain information that could identify a patient.

• Affected parties: All health care organizations must comply with the privacy rules. These include health care providers, health plans, public health authorities, life insurers, billing agencies, service organizations, ambulance services and medical universities.

• Deadline: The Privacy Rule went into effect on April 14, 2001. Most health plans and health care providers must comply with new requirements by April 14, 2003.

• Penalties: The rules create severe civil and criminal penalties for noncompliance, including fines up to $25,000 for multiple violations within a calendar year and fines up to $250,000 and/or imprisonment up to 10 years for knowingly misusing individually identifiable health information.