HIPAA was built around five basic principles:
- First and foremost, health information (PHI) should be used for healthcare purposes. It should be easy to use for healthcare purposes, and difficult for other purposes. Those who receive health information (PHI) must take real and reasonable steps to safeguard it, ensuring that it is not improperly used.
- The second principle is that technical security safeguards must be used to protect computerized health information (PHI). This includes audit trails showing who accessed the data and the tracking of any improper use of the information.
- The third principle is the patient's right to access their own information. They should have the right to inspect, copy, and if needed, correct it.
- The fourth principle is accountability. Criminal penalties or fines and imprisonment can be imposed on those who have breached the security and protection of health information (PHI). The penalties for violation are higher for those acts that are committed for monetary gain.
- The fifth principle is public responsibility. There must be a balance between the protection of personal privacy and national health and safety or law enforcement priorities.
A Gallup Poll taken before the implementation of HIPAA reported the following:
- 77% of Americans feel their health information privacy is very important.
- 84% said they were very concerned that their health information, when computerized, might be available to others without their consent.
- Only 7% said they were willing to store or transmit their personal information over the Internet, and only 8% said they felt a website could be trusted with this information.
- 90% said they trusted their doctor to keep their information private and secure, 66% trusted a hospital, 42% trusted an insurance company, and 35% trusted a managed care company to do the same.
As consumers of healthcare services, we should all welcome this high level of discretion and confidentiality for our personal health information and for our family's health information. HIPAA rocks!