Skip to Main Content

Information from TN Dept of Health about the Ongoing Novel Coronavirus Outbreak

HIPAA: Health Insurance Portability Accountability Act


HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.
HIPAA is divided into different titles or sections that address a unique aspect of health insurance reform. Two main sections are Title I dealing with Portability and Title II that focuses on Administrative Simplification.


This section allows individuals to carry their health insurance from one job to another so that they do not have a lapse in coverage. It also restricts health plans from requiring pre-existing conditions on individuals who switch from one health plan to another. The Tennessee Department of Commerce and Insurance can assist you if you have any questions regarding the portability of your health plan if you change jobs. You may call them at (615) 741-2218 or 1-800-342-4029 (inside Tennessee)

Administrative Simplification

This section is the establishment of a set of standards for receiving, transmitting and maintaining healthcare information and ensuring the privacy and security of individual identifiable information.

The HIPAA electronic data requirements are meant to encourage the health care industry to move the handing and transmission of patient information from manual to electronic systems in order to improve security, lower costs, and lower the error rate. However, the main focus on this page is the Privacy provisions of HIPAA.


HIPAA provides for the protection of individually identifiable health information that is transmitted or maintained in any form or medium. The privacy rules affect the day-to-day business operations of all organizations that provide medical care and maintain personal health information.

Who Must Comply?

HIPAA requires the following entities to comply:

Health Care Providers:  Any provider of medical or other health Services that bills or is paid for healthcare in the normal course of business. Health care includes preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, services, assessment, or procedure with respect to the physical or mental condition, or functional status of an individual. 
Health Care Clearinghouse: Businesses that process or facilitate the processing of health information received form other businesses. It includes groups such as physician and hospital billing services.
Health Plans: Individuals or group plans that provide or pay the cost of medical care and includes both Medicare and Medicaid programs.

What Health Information is Protected?

HIPAA protects an individual’s health information and his/her demographic information. This is called “protected health information” or “PHI”. Information meets the definition of PHI if, even without the patient’s name, if you look at certain information and you can tell who the person is then it is PHI. The PHI can relate to past, present or future physical or mental health of the individual. PHI describes a disease, diagnosis, procedure, prognosis, or condition of the individual and can exist in any medium – files, voice mail, email, fax, or verbal communications. 

HIPAA defines information as protected health information if it contains the following information about the patient, the patient’s household members, or the patient’s employers:

  • Names
  • Dates relating to a patient , i.e. birthdates, dates of medical treatment, admission and discharge dates, and dates of death
  • Telephone numbers, addresses (including city, county, or zip code) fax numbers and other contact information
  • Social Security numbers
  • Medical records numbers
  • Photographs
  • Finger and voice prints
  • Any other unique identifying number


HIPAA stipulates the following patient’s right under its privacy rule:

  • Patients have a right to receive a notice of the privacy practices of any health care provider health clearing house, or health plan.
  • Patients have a right to see their PHI and get a copy.
  • Patients have a right to request that changes be made to correct errors in their records or to add information that ha been omitted.
  • Patients have a right to see a list of some of the disclosures that have been made of their PHI.
  • Patients have a right to request that you give special treatment to their PHI.
  • Patients have a right to request confidential communications.
  • Patients have a right to complain.

A health provider can disclose an individual’s PHI without the patient’s authorization if the disclosure deals with treatment, payment, operations, or if the information is mandated by law. Otherwise, for most other uses, the patient will need to authorize the provider to make the disclosure.

What Can a Patient Do if He Feels His HIPAA Rights Have Been Violated?

A patient has the right to submit a complaint if he believes that the health provider has:

  • Improperly used or disclosed their PHI
  • Concerns about their HIPAA Privacy policies
  • Concerns about the provider’s compliance of its privacy policies.

The patient may file the complaint with either of the following:

  • The provider’s Chief  Privacy  Officer
  • The US Department of Health and Human Services, Office of Civil Rights,

If you have a complaint against a TN. Department of Health Facility,

Contact TDH Hotline: (615) 253-5637 or 1-877-280-0054