Living with Chronic Pain
The Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law enacted in 1996 to protect individuals’ private health information from being shared without their consent. HIPAA education and training in the medical community is essential in enforcing the law. The law consists of five titles:
The HIPAA Privacy Rule was created to enforce the requirements of HIPAA. The Privacy Rule addresses the rights of individuals to decide how their personal health information is used. An individual's health information is protected, while also protecting public health.
Covered entities are specific individuals, organizations and agencies that must comply with HIPAA’s Privacy Rule. These covered entities include, but are not limited to, the following:
Covered entities can disclose health information without authorization if the information is required, and the individual receives notification. They can also disclose health information for treatment, payment, incidents related to other HIPAA-permitted use and public well-being. There are twelve national priority purposes of which the Privacy Rule permits disclosure of protected health information. These include the following:
The HIPAA Security Rule protects a subsection of information covered by the Privacy Rule. This includes individual identifiable health information that a covered entity creates, receives, maintains or electronically transmits. In order to remain in compliance with the HIPAA Security Rule, covered entities must adhere to the following rules:
Complaints should be reported to the HHS Office for Civil Rights and violations can result in monetary or criminal penalties. Violations of HIPAA range from civil to criminal. Penalties range from monetary fines up to imprisonment depending on the severity of violation.
For more information on HIPAA or to make a complaint, visit