HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA is a federal law that protects the privacy of your health information. HIPAA regulations govern the use and release of your protected health information under certain circumstances. Under certain circumstances, HIPAA also limits the kind and amount of patient information that certain health care providers and health plans can disclose.
HIPAA generally prohibits certain health care providers and health plans from unnecessarily sharing your health information. “Covered entities,” which are those entities subject to HIPAA, include certain health care providers and health plans. All covered entities must have policies and procedures to safeguard your protected health information.
HIPAA regulations apply to your protected health information maintained by your health care providers that are covered entities. HIPAA regulations may not cover every organization that has your protected health information. For example, employers, schools, state agencies and law enforcement agencies may not be covered by HIPAA even if they have your protected health information.
HIPAA regulations allow covered entities to share your protected health information for certain purposes. Covered entities can generally share your protected health information for your treatment, billing purposes and other limited purposes without your permission.
Your protected health information should only be shared with those who really need it or who are legally entitled to it. When your protected health information is disclosed, it should be limited to the amount of information necessary for the purpose of the disclosure.