The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that provides health care consumers with specific privacy protections, as well as the right to continued insurance coverage under certain situations. HIPAA is an extremely comprehensive law, and HIPAA compliance is a concern of not only medical providers and health insurance companies, but also some private employers and even collection agencies. Under HIPAA, patient privacy rights are defined and protected, as are the patient's rights to continued health coverage when transitioning from one insurance plan to another. HIPAA compliance is generally established and enforced by specific policies and procedures within an organization in order to prevent any violations of HIPAA rules.
Hospitals and medical professionals must demonstrate HIPAA compliance by taking steps to secure patient information. Security processes may include limiting access to medical files by staff members, limiting the information about a hospital patient and his condition given to friends or family members, and respecting a patient's requests about how she is contacted by mail or phone. Medical organizations and professionals must also provide patients with their medical records upon request and must ensure that any third-party billing services or collection agencies are given only minimal medical information about the patient's condition.
HIPAA compliance also extends to businesses that employ more than 50 people and that offer health insurance coverage. Such businesses are required to designate an employee as a privacy official"who oversees the development and enforcement of HIPAA compliance. Access to health insurance files should be sharply restricted by HIPAA compliant employers, and employees should be made aware of the organization's HIPAA policies and protections.
A significant protection offered to health care consumers by HIPAA is the portability of insurance coverage. HIPAA compliance restricts an insurer's ability to enforce preexisting conditions exclusions. For example, many insurers have a preexisting condition clause written into their policies that states that a new policy holder cannot receive insurance coverage for conditions that were treated within the six-month period prior to the purchase of the new policy. Under HIPAA, however, if there was no more than a 63-day gap between the group policies of an employee's previous employer and new employer, the new policy cannot exclude coverage for any preexisting conditions. HIPAA also provides protection against preexisting condition exclusions for newborns and children who are adopted as long as they are enrolled in health insurance coverage within 30 days of their birth or adoption.