In 1996, the Health Insurance Portability and Accountability Act (HIPAA) became law and began to reshape how patients and healthcare providers think about the privacy of patient information. For interpreters who work in health care settings, it is important to understand how the patient privacy requirements of HIPAA affect their work and conduct.
In April, 2003, the regulations outlining health privacy protections became fully operational. The “privacy rule” provides a set of minimum national standards that limit the ways that health plans, pharmacies, hospitals, clinicians, and others (called “covered entities”) can use patients’ personal medical information. As stated by the Department of Health and Human Services, “A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well being.
The regulations protect medical records and other individually identifiable health information, whether it is on paper, in computers or communicated orally. The responsibility to abide by HIPAA binds the covered entity not only to ensure that its own staff protect patient privacy but also that anyone who it “controls” (such as volunteers) and with whom it contracts (called “business associates”) follows these regulations. Thus interpreters who work in health care settings – whether as an employee, independent contractor or volunteer – are generally required to uphold the HIPAA privacy regulations.
The purpose of this memo is to explain HIPAA and its application to interpretation provided in health care settings.