The healthcare law HIPAA is widely known by the public but is not well understood.
HIPAA, which stands for the Health Insurance Portability and Accountability Act of 1996, sets the rules for how the privacy of your health data should be maintained and for how an organization should respond to a security breach involving your health records.
“With the rise of computers and networks in the 90s, HIPAA was the first rule to really establish national privacy rights, security rights around electronic data, as well as breach notification,” said Andrew Mahler, vice president of consulting services at Clearwater Security.
HIPAA applies to three types of organizations, which are known as “covered entities.” The covered entities are insurance companies, data clearinghouses and any healthcare providers that transmit data electronically.
“If something happens to your data in a way that is impermissible or prohibited by HIPAA, those healthcare organizations that are covered by HIPAA need to report that to the patients that are affected as well as to the federal government,” Mahler said.
If you’re one of the many who have had their records exposed, HIPAA sets out the terms of the disclosure of such incidents.