The U.S. Health Insurance Portability and Accountability Act — also known by its acronym, HIPAA — in 1996 established federal privacy standards to ensure the privacy, safety and security of patient medical records and other health information maintained by health insurance plans, physicians, hospitals and other healthcare providers.
Because failure to comply with HIPAA can result in severe civil and criminal penalties, it is important to know the requirements for protecting patient privacy.
View answers to the following questions about HIPAA:
- Penalties: Can patients sue healthcare providers for not complying with the HIPAA Privacy Regulations?
- Access to my records: Is it legal/appropriate for me to access my own records in our hospital computer systems? It is usually quicker and more efficient if I do it myself.
- Access to spouse or partner's records: My boyfriend is also a patient here. With his knowledge and verbal authorization, may I access his information? Or do I need written authorization to do so? If so, will an informal letter suffice? Is there an official form?
- Access to others' records: Is it a violation to look up the records of my coworker or family member who has been admitted to the hospital?
- Access to systems: I have access to the computer system to schedule patient appointments. Is it appropriate for me to schedule an appointment for myself in the system?
- Authorizations to provide health information: Where can I obtain a copy of the "Official" form to authorize release of records?
- Confirming a patient's presence in the hospital: Often family members, or people who claim to be related, will ask hospital staff whether a particular patient is present in the hospital. How should these requests be handled?
- Text messaging: Is it appropriate to use text messaging on cellular phones to relay patient data between caregivers (e.g. nurse to physician)?
- Paging system: Can we use patient names when paging other hospital staff?
For any questions related to research issues, please contact our Research Compliance Officer at 714-456-8986.
View answers to the following frequently asked questions:
- Do hand-held computers bring HIPAA risks?
- What should we do about a "nosy" physician?
- Does the Emergency Medical Treatment and Active Labor Act (EMTALA) apply in non-clinical settings?
- Which records should we send to other doctors?
- Can 'kicking back' with vendors bring anti-kickback charges?
- Will 'clustering' tie compliance efforts in knots?
- Can an on-call physician send patients to the Emergency Department?
- Use caution with requests for patient information?
- Are corporate compliance and HIPAA compliance the same thing?
- Can vendors donate prize money?
- Can residents dictate operating reports?
View answers to frequently asked questions on the following billing topics: