Chelsey Tucker graduated with a Bachelor of History degree from Metropolitan State University in 2019. She now writes about insurance with her specialty being life insurance and has been quoted on Help Smart Phone and MEL Magazine.

Full Bio →

Written by

Dan Walker graduated with a BS in Administrative Management in 2005 and has been working in his family’s insurance agency, FCI Agency, for 15 years. He is licensed as an agent to write property and casualty insurance, including home, auto, umbrella, and dwelling fire insurance. He’s also been featured on sites like

Full Bio →

Reviewed by Daniel Walker
Licensed Auto Insurance Agent

UPDATED: Mar 19, 2020

Advertiser Disclosure

It’s all about you. We want to help you make the right coverage choices.

Advertiser Disclosure: We strive to help you make confident insurance decisions. Comparison shopping should be easy. We are not affiliated with any one insurance provider and cannot guarantee quotes from any single provider.

Our insurance industry partnerships don’t influence our content. Our opinions are our own. To compare quotes from many different insurance providers please enter your ZIP code above to use the free quote tool. The more quotes you compare, the more chances to save.

Editorial Guidelines: We are a free online resource for anyone interested in learning more about auto insurance. Our goal is to be an objective, third-party resource for everything auto insurance related. We update our site regularly, and all content is reviewed by auto insurance experts.

The lowdown...

What is the Health Insurance Portability and Accountability Act (HIPAA) designed to do?

  • HIPAA is the federal law that protects the privacy rights of individuals regarding health issues that are of a sensitive nature
  • The law requires all covered entities to exercise caution when sharing medical information with others
  • Insurance agencies, as well as doctors, hospitals, and others, are all held responsible for following this law
  • The law protects your sensitive health information while providing access to those who need the information to help the patient

Health insurance can be complicated at times. There are many laws surround the rules and regulations of insurance. Many of these laws are created to make insurance companies follow certain procedures so that their clients will be duly informed, such as with the “Replacement rule”, which requires agents to inform clients about the risk of dropping insurance before they have their new policy.

Other rules center around the responsibility of insurance companies themselves, such as the fact that they are required to keep a certain amount of money in reserve so that they can cover any claims that might be reported during that time. Compare health insurance rates now by using our FREE tool above!

One law, the Health Insurance Portability and Accountability Act (HIPAA), is one that is of particular important to clients because it protects their right to privacy.

Generally stated, HIPAA is a federal law that governs the insurance industry that requires the protection of one’s right to privacy regarding their health information. But there are certain specific clauses also inherent in this law. HIPAA is also known loosely as “The Privacy Rule”.

National Standards for Health Insurance


While it is true that insurance laws can vary from state to state, there are certain federal rules that must be followed, regardless of which state the insurance company serves.

The Privacy Rule (HIPAA) of 1996 set a national standard for disclosure and use of health information of individuals that protects sensitive information. The U.S. Department of Health and Human Services (HHS) issued this law to hold insurance, medical, and others accountable to protect this information from third parties.

Compare Insurance Providers Rates to Save Up to 75%

 Secured with SHA-256 Encryption

Covered Entities

Covered entities, as stated in the law, require specific agencies, doctors, and insurance professionals to keep information that is deemed sensitive private, except in cases when the information must be passed to others for reasons affecting their wellness and health care.

Who enforces the HIPAA law?

The Office for Civil Rights (OCR) is the one who has the responsibility of implementing and enforcing HIPAA.

The goal of HIPAA is to ensure that the health information of individuals is protected while also allowing the natural use of the information to help the person achieve wellness and good health.

A secondary purpose (other than the protection of individual rights) is to protect the general health and well-being of the public at large.

When the privacy rights of the individual and the public interest conflict, a balance must be struck between the two to keep the public safe while only divulging information that is necessary for each situation.

The courts have held that, so long as it can be shown that there was a clear and present danger (or similar litmus test) to the public and that only the information that was relevant to that danger was disclosed, they will not usually be held liable for violation of the rule.

History of the HIPPA Law

Though the HIPAA Law, as we know it, was only established in 1996, there is a long history of attempt to enforce the law after this time. Various examples and case studies of the law and failure to enforce it, are recorded on the HHS website.

Compare Insurance Providers Rates to Save Up to 75%

 Secured with SHA-256 Encryption

Who are the “covered entities?”

The covered entities for HIPAA include the following organizations and entities in general but it may include others as well.

All of the above entities are held responsible for protecting a patient’s health information and guarding it from others, except in cases where it is necessary to pass the information to others for the benefit of the patient.

The Finer Points of the Law


It is important to remember what the HIPAA law is for when dealing with individual cases. HIPAA is meant to help the patient by keeping sensitive health information private. But the finer points require us to consider which information is “sensitive” and whether it would be deemed necessary by a court if it is necessary to divulge the information.

Some cases are more prominent than others, but when professionals divulge some information that is necessary but other information which is not, it becomes a sticky situation for caregivers and agencies.

Care should always be given to divulging information, even within the body of network agencies that are directly addressing the patient’s need and it should always be considered whether the information is truly needed to carry out a health plan, treatment, or other services.

Some situations that document illegal disclosure of information include the following:

  • Divulging information to an unauthorized family member– Care must be given when talking to family members of a patient or client due to the fact that not all family members are authorized to receive the information. HIPAA guarantees the total right to privacy of sensitive health data, including the right to keep this private from family members. Covered entities are required to make sure that this information is kept private to everyone except authorized persons who it is deemed necessary to divulge it to.
  • Divulging information to a patient’s employer without consent– Employers are not considered to be an automatically authorized party to receive sensitive health information. Entities must make sure that the employee has signed a release previous to the incident in which they stated that it was alright for their employer to have access to such information.
  • Placing insurance cards in another person’s bag or mail receptacle– One HIPAA case on the record books actually involved a pharmaceutical company placing a patient’s insurance card in another patient’s bag. This gave the second patient free access to information about the patient’s medical records. An insurance card shows that the patient has insurance, the company they have the insurance with and even their account number, making it easier to have access to their full records.
  • Failure to divulge requested information to authorized persons– In some cases, the problem is more about failure to pass information along rather than divulging too much information. Parents who ask to see the full medical records of a child have the right to do this as they are authorized persons, except in the case of estranged parents that have restrictions on these rights. Situations like this must be handled very carefully so as to communicate the information to the people who have a right to it while protecting it from those who don’t.

How HIPPA Affects You

When shopping for insurance, remember that HIPAA is there to protect you. It is federal legislation that ensures that your information will not be carelessly shared with others or divulged to parties who are not authorized to receive it. Ask a representative to explain the policies of a health insurance company regarding HIPAA to get a feel for how much they follow this important law.

Compare Insurance Providers Rates to Save Up to 75%

 Secured with SHA-256 Encryption

Government Programs and HIPPA

Programs such as CHIP (Children’s Health Insurance Program), often require the passing of information between professionals when applying for Medicaid help for kids.

Even though it is an obvious need for entities to share information between agencies, care must be given that there is not too data exchanged so as to sacrifice the privacy rights of the child or parents.

The Hippocratic Oath

There are many rules and philosophies surrounding the health industry. One of these that doctors swear to uphold as a physician or caregiver is, “First, do no harm.” This rule is at the heart of the HIPAA laws and helps remind covered entities that they are to guard all aspects of a patient’s well-being, even when it comes to delivering their health care.

Due Diligence

As long as the covered entity or health care professional (or insurance carrier) has done their “due diligence” to protect the best interests of the patient, they are usually not held liable in such cases.

Compare Insurance Providers Rates to Save Up to 75%

 Secured with SHA-256 Encryption

HIPAA Covers Financial Records Indirectly


Health information includes information on a person’s general health, as well as their financial records in some cases since records are kept for several years involving a patient’s payment on medical expenses.

Insurance is a financial institution and insurance agents and agencies, like the other covered entities, have a responsibility to “first do no harm” regarding the protection of sensitive health information.

Enter your zip code in our FREE tool below to start comparing health insurance now!

If you have any questions about HIPAA and whether your insurance company is following this important privacy rule, contact an agent to learn more about what you can do.