Health Insurance Portability and Accountability Act
To file a HIPAA complaint, call (800) 372-2973.
The information and documents posted within this section are offered to assist state agencies and Kentucky's partners in understanding the obligations imposed by the Health Insurance Portability and Accountability Act (HIPAA).
The Commonwealth of Kentucky and the Department for Behavioral Health, Developmental and Intellectual Disabilities (DBHDID) provide no guarantee of the accuracy of this information nor warranties of any kind. Use of this information is at the sole risk of the user. As with any matter of law, independent legal counsel should be consulted regarding compliance with the requirements of the Health Insurance Portability and Accountability Act.
- What is HIPAA?
  Most of us are familiar with the federal Health Insurance Portability and Accountability Act, which was passed by Congress in 1996 to address the portability of insurance coverage when people change jobs. Less widely known, but having more impact on the Department and its providers, is the administrative simplification section, which addresses the standardization of two substantive issues in the health care industry:
  - Electronic exchange of administrative and financial information.
  - Security and privacy of consumer healthcare information.
- What and who is affected by HIPAA?
  The department, its providers, and other state agencies and private providers with whom the department exchanges electronic patient information are affected by HIPAA. Information and transactions addressed in the law are:
  - Health claims
  - Encounter information
  - Health plan enrollment and disenrollment
  - Payment and remittance advice
  - Premium payments
  - First reports of injury
  - Claims status
  - Referral certification and authorization

  In addition, the law mandates that consumers be informed of how their health care information is used and how they may exercise discretion over its disclosure. That mandate includes the right to access, copy and change their clinical records.
- What happens if an organization such as the department or one of its providers fails to comply with HIPAA?
  Each regulation has its own compliance and enforcement stipulations. In general, civil penalties may be assessed for each violation under the Transactions Regulations. Civil and criminal penalties may be assessed for each violation of the Privacy Regulations. The penalties may be assessed against an organization or any person within the organization.