Health Insurance Portability and Accountability Act (HIPAA) (Archive)

The federal Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 and initiated in phases from 1998-2004. HIPAA is not a state or federal program, but an industry-wide effort to enhance consumer control of insurance coverage, create health care industry standards to improve administration; and protect and secure personal health information.

HIPAA responds to concerns from citizens, the health care industry and government agencies for enhanced security and privacy of individual health information. Furthermore, HIPAA creates uniform methods to bill and share health information electronically between health care providers, payers and other organizations involved with health care delivery and payment.

While data privacy is already a familiar concept in Minnesota law, HIPAA privacy standards create a regulatory floor for health care privacy nationwide. If a provision of the HIPAA privacy regulations conflicts with a state law, HIPAA will preempt the state law unless the state law offers more privacy protection to the individual’s health care information. In that case, state law will govern. If HIPAA privacy regulations offer more protection to the privacy of the individual’s health care information, HIPAA will govern in that area. If the two laws do not conflict, covered entities will need to comply with both state and federal privacy laws.

Inform your clients of their rights under HIPAA at application, renewal or any other time information is requested. The Notice of Privacy Practices (DHS-3979) should be provided to the client.

Top of Page