What is HIPAA Law?
Created by FindLaw's team of legal writers and editors | Last reviewed May 30, 2018
This article has been written and reviewed for legal accuracy, clarity, and style by FindLaw’s team of legal writers and attorneys and in accordance with our editorial standards.
The last updated date refers to the last time this article was reviewed by FindLaw or one of our contributing authors. We make every effort to keep our articles updated. For information regarding a specific legal issue affecting you, please contact an attorney in your area.
In 1996, the Employee Retirement Income Security Act (ERISA), which regulates employee benefit plans, was amended to include the Health Insurance Portability and Accountability Act (HIPAA). Generally, this law establishes data privacy and security guidelines for patients' medical information and prohibits denial of coverage based on pre-existing conditions or genetic factors. While this law covers a lot of ground, the phrase "HIPAA compliant" typically refers to the patient information privacy provisions.
HIPAA is split into two major parts:
- Title I protects health insurance coverage for individuals who experience a change in employment (such as losing a job), prohibits denials of coverage based on pre-existing conditions, and prohibits limits on lifetime coverage.
- Title II requires doctors and medical professionals to keep patient records confidential by setting national standards for electronic health care transactions.
HIPAA Title I: The Basics
HIPAA Title I makes it easier for you to change jobs without losing your health coverage and limits your new health plan's ability to deny coverage based on a medical condition you had before getting the new coverage (a preexisting condition). It also provides you with added opportunities to enroll in a new group plan or individual health insurance policy and prohibits discrimination against you or your family by the new plan or insurance provider.
Besides these HIPAA protections, you are protected by the laws of the state in which you reside and regulations under the Affordable Care Act.
HIPAA Protections for Pre-Existing Conditions
Under HIPAA, employer health plans may not refuse health coverage for a new employee with preexisting conditions as long as certain procedures for approval are met. Note that HIPAA protects you from being denied health care due to a preexisting condition if you are seeking health insurance under an employer's plan, whereas if you are applying for individual health insurance or any coverage not part of an employer's plan, you are protected from preexisting condition discrimination by the ACA.
Special Enrollment for Those Who Previously Declined Coverage
HIPAA also provides an opportunity for those who have previously declined health coverage (with their employer's own plan) to enroll at a date outside of the plan's open enrollment period. For example, special enrollment situations occur when:
- Divorce or separation causes you to lose coverage under your spouse's insurance.
- You are a young dependent and you find yourself no longer covered under your parent's plan.
- Your spouse dies and leaves you without coverage.
- Your spouse's employment ends, terminating plan coverage.
- Your employer reduces your work hours and you no longer qualify to be covered under the plan.
- Your plan no longer offers you coverage because your employer has eliminated the eligibility of certain groups of employees (e.g. part-time).
- You no longer live or work in the HMO's service area.
HIPAA Protections Against Discrimination
Under HIPAA, you and your family cannot be denied eligibility or benefits or charged more for the coverage based on certain health factors. Your health plan cannot use the following factors as reasons for denying you medical coverage:
- Health status;
- Medical conditions (physical or mental);
- Claims experience;
- Past receipt of health care;
- Medical history;
- Genetic information (also protected by GINA);
- Evidence of insurability, or
Evidence of insurability includes participation in activities like motorcycling, snowmobiling, horseback riding, skiing, and other sports, or proof that you were a victim of domestic violence.
HIPAA Title II Overview
Title II ordered the U.S. Department of Health and Human Services (HHS) to create standards for the protection of your electronically stored medical information and placed mandatory guidelines on the rules, contracts, and procedures used by the administrators of medical offices. In response, the HHS enacted what is called "The Privacy Rule," which requires doctors and medical professionals to protect any individually identifiable information that relates to the physical or mental condition or the provision of health care to an individual.
There are situations in which the medical professional is allowed to share a patient's medical information, such as when the patient gives them permission, if the doctor or patient needs help and is unable to make medical decisions, if the government requires it (i.e. birth and death records), or if the patient makes their health an issue in court.
Have a Legal Question Concerning HIPAA? An Attorney Can Help
Every American has certain rights under HIPAA, which is part of the larger ERISA. Navigating the law and knowing whether your rights are being honored can be quite difficult. If you have concerns about your HIPAA-guaranteed health care rights, you may want to speak with an experienced health care attorney near you.
You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help
Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.
Contact a qualified health care attorney to help navigate legal issues around your health care.