    HIPAA - Frequently Asked Questions
    Sutter Medical Center, Sacramento

    What is HIPAA?

    HIPAA stands for Health Insurance Portability and Accountability Act of 1996. The Act was developed by Congress to protect the confidentiality of a person's medical information. It sets boundaries on the use and release of health records and establishes safeguards to protect the privacy of health information.

    When does HIPAA go into effect?

    The HIPAA Privacy Rule has a compliance deadline of April 14, 2003.

    What is the difference between privacy and security of patient information?

    Security is the ability to control access and protect information from accidental or intentional disclosures to unauthorized persons. It is done through the use of technical controls.

    Privacy is the controlling of who is authorized to access patient information and under what circumstances patient information may be accessed, used, and/or disclosed to third parties. Privacy is controlled through policies and procedures.

    Does HIPAA only protect patient information in electronic format?

    No. HIPAA protects all patient information whether it is written or electronic.

    Does HIPAA protect oral communication?

    It requires that appropriate safeguards be taken whenever oral communication with third parties occurs, or when conversations take place in open-access areas.

    Is all patient information protected?

    With a couple of exceptions, protected health information (PHI) includes all individually identifiable health information that is transmitted or maintained in any form or medium. This includes demographic information that ties the identity of the individual to his or her health record. Examples are names, addresses, geographic codes smaller than a state, all date elements (except year) related to the person, telephone numbers, fax numbers, license numbers, Social Security numbers, etc. The information is protected if it can possibly identify the person.

    One notable exception involves disclosures of patient information that are required by law. For example, we are required by law to report communicable diseases to the appropriate authorities.

    Who is covered by the HIPAA privacy and security regulations?

    Health care providers, insurance companies, and health care clearinghouses must all follow the HIPAA Privacy Rule. (A health care clearinghouse is an organization that receives health care data and reformats the data for processing. This is typically used for sending information to health insurance companies and for billing purposes.)

    What is an Acknowledgement of Receipt?

    When you receive your Notice of Privacy Practices, either in the mail or from one of our staff members in person, you will be asked to sign an Acknowledgement of Receipt. By signing this document, you are saying that you received a copy of the Notice of Privacy Practices - not that you agree to everything in the Notice or have even read the Notice. We are required by the HIPAA privacy rule to make a good effort at obtaining an acknowledgement from every patient.

    Can a family member or close friend who is involved in an individual's health care be consulted, or be involved in sharing health care information, in the individual's best interest?

    The health care professional can use professional judgment when including a family member or close friend in an individual's care. This includes the sharing of protected health information if it is in the best interest of the patient. If patients have the capacity to make their own decisions, then they must be consulted and given the opportunity to agree or object to the disclosure of protected health information to third parties.
