No, HIPAA is not a female Hippo. In the medical and estate planning field, HIPAA stands for the federal Health Insurance Portability and Accountability Act of 1996. HIPAA and California’s codification called CMIA (Confidentiality of Medical Information Act) have provisions in them to prevent health care providers from disseminating your health information or medical records. The privacy rules are set forth at the U.S. Dept of Health and Human Services.
The regulations require written authorization from a patient before a health care provider or health care organization can release health information. So if you want your family, loved ones, or anyone else to have access to your medical information, you must sign a written HIPAA and CMIA release.
Medical providers such as doctors, dentists, hospitals, clinics, laboratories, pharmacies and any other health care providers, health care organizations, or insurance companies who violate privacy rules are subject to severe penalties. A non intentional failure to comply with HIPAA can result in a fine of $100 per violation up to $25,000 maximum per year. If a health care provider knowingly obtains and disseminates private information, criminal penalties can include up to a $50,000 fine and 1 year in prison. Even stiffer penalties and more jail time can be imposed if private information is used for commercial advertising, personal gain, or done in malice.
This is the first in a series of blog articles about HIPAA. Next we will discuss the Advance Health Care Directive – what it is, why HIPAA releases should be in them, and who needs them.