HIPAA: Understanding Your Rights of Insurance Portability and Privacy

On August 14, 2003, a change occurred in the healthcare field related to health insurance. That was the first mandatory deadline set for healthcare organizations to become HIPAA-compliant with regulation standards placed into law in 1996. Often, I hear, What is HIPAA and how does it affect me? or What is that form that my doctor made me sign when I went in for a visit? There are still many of us who don't understand what HIPAA is or how it affects us as healthcare consumers. Hopefully, this article can give you a general understanding of just what HIPAA means and how it affects the HIV community.

What Is HIPAA?

In 1996, Congress enacted the Health Insurance Portability and Accountability Act in response to growing concerns about individual's health information potentially being used inappropriately, causing barriers to health care coverage and related job mobility impediments. The regulations set forth by this legislation are designed to protect patient privacy in regards to confidential medical records, by placing restrictions on how the patient information is handled, and who is allowed to have access to the information.

HIPAA regulations have been designed to have a broad application. There are four parts to HIPAA: portability, transaction, privacy and security.

Portability refers to protecting an individual's ability to get health insurance if there is a current or preexisting medical condition.

Transaction concerns the process of reporting health-related information. This regulation attempts to standardize the process of how information is reported including claims, enrollment, eligibility and payment.

Privacy and security involve protected health information (PHI). The HIPAA Privacy Rule provides the first national standards for protecting the privacy of health information. Any medical information that contains any personal identifiers such as name, phone numbers, address, medical record numbers or Social Security numbers must have protected access. HIPAA requires that an organization define who has access to PHI and how much of the patient information is accessible. Providers must obtain informed consent from patients in order to disclose, or use PHI, for activities related to treatment and payment. The regulations allow the sharing of information between providers with the same institution, but consent must be given before providers can share information with providers from other institutions. The desired outcome from these rules is to protect individual's medical information from commercial use, personal gain or malicious harm. Now, with all rules and regulations there are a few exceptions. First, PHI can be disclosed without patient consent in an emergency situation, as long as consent is obtained when appropriate after the emergency treatment is delivered. Second, PHI can be obtained by correctional facilities without consent for care and treatment of inmates. And finally, PHI can be disclosed to law enforcement without consent in response to a subpoena.

What Does This Mean for HIV?

In general, confidentiality is a concern for individuals who are HIV positive. It is important to understand the potential problems of disclosure of an individual's status and respect the desires for confidentiality. According to an article published in AIDS Care in 2001, fears of breaches in confidentiality resulted in individuals actually not accessing treatment in order to prevent the release of sensitive information. This fear definitely affects the care these individuals are receiving, directly impacting their health.

Organizations involved with HIV care are aware of the need to protect the confidentiality of those individuals receiving services. Accordingly, HIPAA has put into place rules and regulations with civil and criminal penalties to ensure confidentiality and the rights of individuals are protected. While HIPAA does not separately address HIV/AIDS patient information, individuals are still protected under the general guidelines regarding release of any health information including HIV status. Advocates encourage individuals to embrace this opportunity to use HIPAA as a way to discuss confidentiality with their healthcare professionals to know when information is being shared with others and why it is being done. This allows you to understand your rights and impact how your information is being protected.


HIPAA enacts rules and regulations to protect individual's health information. There are several protections provided by this law, which are important to people living with HIV.

  • HIPAA limits but does not completely eliminate the use of preexisting condition exclusions.

  • Prohibits group health plans from discriminating by denying you coverage or charging additional fees for coverage based on an employee's family member's past or present poor health.

  • Guarantees certain small employers and certain individuals who lose job-related coverage the right to purchase individual health insurance.

  • In most cases, guarantees that employers or individuals, who purchase health insurance, can renew the coverage regardless of any health conditions of individuals covered under the insurance policy.

If you would like more information regarding HIPAA or other laws and how they relate to individuals who are HIV positive, please visit the CDC informational page regarding HIV and the law at www.brta-lrta.org/law/law.htm.