The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by Congress on August 21, 1996. The purpose of the legislation is to provide federal protections for personal health information held primarily by health care providers. The Act also sets forth the rights of patients with regard to personal information provided to health care providers.
For more information about the Act and your rights under it, go to the Department of Health & Human Services' Web Site http://www.hhs.gov/ocr/privacy/
Why Everyone Needs a HIPAA Authorization
As explained on the HHS website, health care providers (called "covered entities" under the law) must have procedures in place to limit who can view and access your health information. The law does not require a health care provider to share information with your family or friends, unless they are your personal representatives. However, the law does permit providers and plans to share information with your family or friends in certain circumstances and if you tell the provider that it can do so.
Everyone should have a HIPAA authorization that specifically identifies the persons with whom your health care providers can share your personal information. Preparing and signing such an authorization will assure that family members who you will rely on to make health care decisions for you can gain access your health care information.