The Health Insurance Portability and Accountability Act, or HIPAA, was signed into law on August 21, 1996. It is a complex piece of legislation that requires detailed training and planning by health care providers. It seeks to create greater efficiencies in the health care industry, and ensure privacy of patient's medical records. In order to comply with and meet these ideas, a HIPAA Compliance Plan is essential. Compliance only occurs as a result of a specific plan with detailed procedures. A specific plan needs to be in place to guarantee that the provisions of the law are met. Failure to prepare and implement a plan can have grave consequences.

The main thrust of HIPAA is privacy of medical records. An effective HIPAA Compliance Plan involves setting in place procedures to ensure that there are no breaches of patients' privacy rights under the law. All personnel who have any contact with medical records need to be aware of the provisions of HIPAA. This requires extensive training as part of any plan. The training needs to be comprehensive, and all employees need to be current with the latest effects of HIPAA. In a large medical practice or hospital, one employee's failure to comply with HIPAA can become a source of liability and cost.

What happens when there is no compliance plan, or an ineffective plan, in place? What are the consequences? The main result is a breach of security involving medical records. Someone's private records are released to a party who has no right to the information. This is done by a telephone call, an email, or a written request. It can be as simple as an apparently harmless question from a visitor in the hospital. One slip and personal medical information is released. Former spouses and other individuals may know sufficient personal information about an individual to convince someone to release information. In any event, personnel information can be used for identity theft, or to embarrass the patient. No one wants an unauthorized release of sensitive medical information.

The second consequence that flows from the lack of an effective compliance plan is the liability of the medical provider. They risk claims and lawsuits from patients when unauthorized disclosures are made. This consequence is a never-ending concern. The compliance plan must have safeguards that ensure HIPAA is met at all times. Damages can be fundamental, and the reputation of the medical provider can suffer. Every patient wants the assurance of privacy. If they do not have that, they may avoid the medical provider and seek care elsewhere.