As health care consumers, attorneys may need no introduction to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). It may have introduced itself to you already in the form of a refused request for your spouse’s pharmacy receipts without signed authorization, or lengthier patient information forms to fill out before seeing a new doctor. On the other hand, the legislation may have facilitated your own access to your personal health records that otherwise would have been denied, or shielded those records from public disclosure by deterring a mass data spill. Along with establishing portability requirements for employee health plans and standardized coding for health transactions—and several other health care-related topics beyond the scope of this article—the agency rules mandated by HIPPA set the standards for privacy and security of health information stored or transmitted by covered entities. Here are some starting points for HIPAA compliance research.
Paul M. Birch, HIPAA Compliance Resources, Va. Law., December 2011 at 54.