The Health Insurance Portability and Accountability Act (HIPAA) establishes privacy standards for protecting and securing patients' protected health information (PHI). In addition to providing medical treatment and care, health care professionals bear a responsibility to uphold these standards.

According to the Centers for Medicare and Medicaid Services, protected health information is individually identifiable health information: health information that includes common identifiers such as a patient's name, birth date, Social Security number or address. Such information may relate to the provision of medical treatment to a patient; a patient's past, present or future physical or mental health condition; or payment for past, present or future health care rendered to a patient. The Privacy Rule applies to this information in any form in which a covered entity holds or transmits it, whether on paper, spoken aloud or electronic.

Those subject to the HIPAA Privacy Rule (the covered entities) include providers of medical or other health care services or supplies, individual and group health plans that provide or pay for the cost of health care, and health care clearinghouses, such as billing services that convert health information between standard and nonstandard formats. Business associates that handle PHI on behalf of these covered entities, such as accreditation organizations, claims processing services, legal services or management and administrative services, also fall under the rule's purview.

According to the U.S. Department of Health and Human Services, the HIPAA Privacy Rule requires several activities of the average health care practice in order to maintain compliance. These requirements include the following:

  • Developing and implementing written privacy policies and procedures
  • Designating a privacy official responsible for ensuring that all members of the workforce follow the privacy standards
  • Training all employees to understand and comply with the privacy policies and procedures
  • Giving patients a notice of their privacy rights and of how their information may be used or disclosed

Additionally, health care providers must maintain reasonable administrative, technical and physical safeguards so that patients' protected health information is not accessible to anyone who does not need it to do their job. This is the Privacy Rule's minimum necessary standard: access to and disclosure of PHI should be limited to the least amount of information needed to accomplish the intended purpose.