Search our
entire site
Enter your search
terms below, or visit
our search page

Search case
studies only
Enter your search
terms below:

For the table
of contents and
hyperlinks to
general topics
proceed to toc

5. How will confidential health information be protected?

The HIPAA law recognized the importance of protecting confidential health care information and specified 2 methods of protection: security standards and Federal privacy legislation. Today such protections are not uniformly or universally applied. Instead, security practices are largely unregulated, and privacy laws vary widely from state to state.

The law directs the Secretary of Health and Human Services to adopt security standards for all health plans, clearinghouses, and providers to follow. These standards will be required at all stages of transmission and storage of health care information. To be in compliance, health plans, clearinghouses, and providers will be required to protect health information before, during, and after electronic transmission. The Secretary is directed to adopt standards that are reasonable, taking into account technical, financial, and educational issues as well as the potential impact on small and rural health care providers. The law recognizes that, for the security standards to be followed, they must be reasonable. At the same time, the integrity and confidentiality of the records must be ensured.

Privacy is addressed separately by HIPAA. The Secretary is required to submit recommendations for Federal legislation on privacy to the Congress by August 1997. Privacy legislation and regulations will define in the future what are appropriate and inappropriate disclosures of this health information and how patient rights are to be protected.

Suggested by JMFitzmaurice, AHCPR.

TABLE OF CONTENTS