Insurance Portability & Accountability Act (HIPAA) was signed into
law in 1996. The federal regulation includes mandates that set
standards for protecting the privacy of medical and health
information, now referred to as Protected Health Information
(PHI). PHI is information that is maintained by healthcare
entities, for example hospitals, pharmacies, health plans, dental
practices, and private physician practices.
HIPAA requires covered entities to take steps to
limit the use and disclosure of PHI, which means that healthcare
entities will be required to develop new policies and procedures
that address protecting the privacy and security of patients'
rights. The Office of Civil Rights is the oversight agency
responsible for HIPAA compliance.
The deadline for compliance with the privacy
standards is April 14, 2003 (small health plans have until April
14, 2004). To ensure compliance, healthcare entities will be
required to document, using forms, the information captured as
patients exercise their privacy rights.