Health Insurance Portability and Accountability Act of 1996 (HIPAA): a provider's overview of new privacy regulations.

When it enacted The Health Insurance Portability and Accountability Act of 1996, Congress mandated establishment of privacy regulations covering individual health information. Title II of HIPAA, the Privacy Rule that became effective on April 14, 2001, offers Americans the first-ever set of comprehensive protections against the unintended and/or inappropriate disclosure of personal health information. Provisions of the Privacy Rule and its associated regulations include patient control over the use of health information, patient rights to information on the disclosure policies of the health-care provider, patient rights to review and amend one's medical information, standards for limiting the scope of data disclosed to other health-care providers, and penalties for noncompliance with the law. This paper presents a summary of the need for protection of personal health information and an overview of the provisions of this legislative foundation for protecting personal health records--the HIPAA Privacy Rule.