Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. HIPAA also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
Congress enacted the Health Insurance Portability and Accountability Act to:
- Combat waste, fraud and abuse
- Improve portability of health insurance coverage
- Simplify health care administration
Who must comply with HIPAA?
All military and civilian health care plans, health care clearinghouses and health care providers who electronically conduct financial and administrative transactions must comply with HIPAA. TRICARE, military hospitals and clinics, providers, regional contractors, subcontractors and other business associate relationships fall within these categories. HIPAA's Privacy Rule and Security Rule relate specifically to the privacy and security of your protected health information (PHI).
How the Privacy Rule Protects You
The HIPAA Privacy Rule lets medical staff use and disclose your PHI for treatment, payment and health care operations without written authorization. Your permission is required for most other uses and disclosures.
Under the Privacy Rule, you have the right to:
- Receive a copy of the Military Health System Notice of Privacy Practices
- Request access to PHI
- Request amendment of PHI
- Request an accounting of PHI disclosures
- Request restriction on PHI use and disclosure
- File a complaint regarding privacy infractions
Each military hospital and clinic has a privacy officer who ensures health care information remains private, but available to you and your provider. The privacy officer can answer any questions you may have about HIPAA rules. The Defense Health Agency (DHA) also has a privacy office you can contact for information or assistance. In addition, your regional contractor has valuable information about privacy on its website.
What if my privacy is violated?
If you think your privacy rights have been violated, you may submit a written complaint to your military hospital or clinic or DHA Privacy Officer. You may call the general information number at your local military hospital or clinic, or visit its website.
Notice of Privacy Practices
When you receive treatment at a military hospital or clinic, you will be given a copy of the Notice of Privacy Practices. This document details how your medical information may be used and with whom it may be shared. If you see civilian TRICARE-authorized providers, they may have their own privacy practices guidelines that they will share with you at the time of your appointment. It's important that you carefully read any information about privacy practices.