Review of HIPAA, Part 2: Limitations, Rights, Violations, and Role for the Imaging Technologist.

Abstract

This article is the second part of a continuing education series reviewing the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The term HIPAA should be familiar to those who work in the medical profession, but this article includes details on its rules, patients' rights, violations, breaches, and penalties. To help administer these safeguards, HIPAA requires that every organization designate a HIPAA privacy and security officer. HIPAA violations can have serious repercussions when rules are not followed; these violations can be either negligent or willful. If breaches of unsecured protected health information occur, HIPAA requires covered entities to notify affected individuals, the Secretary of Health and Human Services, and in some cases the media. Violations in which the covered entity did not know of the violation are now punishable under the first tier of penalties. Unintended violations carry a minimum penalty of $100 per violation and a maximum of $50,000 per violation. All patients have a right to privacy and a right to confidential use of their medical records. The role of medical professionals includes understanding how and when to apply these HIPAA rules verbally and electronically.