Health Insurance Portability & Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) went into effect on August 21, 1996.  It protects an insured person's insurability.  Before this law, if an insured person lost insurance coverage for some reason, losing a job for example, he or she could be required to prove insurability before obtaining new coverage.  For most people this wasn't a problem; however, for people with chronic health problems or whose health deteriorated while they were covered, it was a serious problem.  Such people lived in constant fear of losing their jobs and thereby losing their health insurance.  Now, if a person has been insured for the past 12 months, a new insurance company cannot refuse to cover the person and cannot impose preexisting conditions or a waiting period before providing coverage.


It became evident to Congress that successful HIPAA implementation would require a major upgrade to communications between health care providers, insurance plans and employers.  Many security, privacy and confidentiality issues would also have to be addressed.  So the law was written to include those kinds of mandates, with significant penalties for non-compliance.

To find our more about HIPAA, please visit the links on the sides of this page for everything you need to know. 

Congress passed the Health Information Technology for Economic and Clinical Health Act (HITECH) as part of the American Recoveries and Reinvestment Act of 2009.  HITECH makes several significant modifications to HIPAA.  These changes include:

  • Creating incentives for developing a meaningful use of electronic health records
  • Changing the liability and responsibilities of Business Associates
  • Redefining what a breach is
  • Creating stricter notification standards
  • Tightening enforcement
  • Raising the penalties for a violation
  • Creating new code and transaction sets

Are you a DHMH employee or client?  Do you have a question regarding HIPAA?  Call the DHMH Privacy Officer at (410) 767-5411.  Or submit a written question/ complaint to: 

Lauren Boyce, Esq.
Privacy Officer
MDH- Office of the Inspector General
201 W. Preston St., Floor 5
Baltimore, MD 21201

If you have a privacy complaint that is NOT related to a DHMH facility or employee, please refer to the HHS website for a complaint form.

HIPAA Resources

DHMH Resources


Contact Us

Lauren Boyce, Esq.

Privacy Officer

MDH - Office of the Inspector General

201 W. Preston St., Floor 5

Baltimore, MD 21201