The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress in 1996. There are two titles within the Act that are of importance in the clinical laboratory. Title I of the Act protects insurance coverage for workers and their families if they change or lose their jobs. Title II of the Act requires the establishment of national standards for electronic health care transactions as well as national identifiers for providers, health insurance plans, and employers. A very important feature of Title II is that it addresses the security and confidentiality of health data. It also entitles patients to have access to their medical records within a reasonable amount of time.
Another concept worth noting within HIPAA rules is the term "covered entity." A covered entity is a healthcare provider who transmits any health information in connection with a HIPAA transaction. Since substantial fines can be levied against any covered entity that does not comply with the Privacy Rule, it is important that all employees in the laboratory are fully aware of and compliant with both HIPAA and state confidentiality requirements. This should be enforced with both initial and follow-up training.
The privacy of electronically transmitted protected health information (PHI) was further expanded and strengthened with the passage of the American Recovery and Reinvestment Act of 2009 (ARRA).