Report Fraud, W​aste 
& Abuse



Health Information Portability & Accountability Act (HIPAA)

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) went into effect on July 1, 1997.  It protects an insured person's insurability.  Before this law, if an insured person lost insurance coverage for some reason, losing a job for example, he or she could be required to prove insurability before obtaining new coverage.  For most people this wasn't a problem; however, for people with chronic health problems or whose health deteriorated while they were covered, it was a serious problem.  Such people lived in constant fear of losing their jobs and thereby losing their health insurance.  Now, if a person has been insured for the past 12 months, a new insurance company cannot refuse to cover the person and cannot impose preexisting conditions or a waiting period before providing coverage.

It became evident to Congress that successful HIPAA implementation would require a major upgrade to communications between health care providers, insurance plans and employers.  Many security, privacy, and confidentiality issues would also have to be addressed.  So the law was written to include those kinds of mandates, with significant penalties for non-compliance.

Congress passed the Health Information Technology for Economic and Clinical Health Act (HITECH) as part of the American Recoveries and Reinvestment Act (ARRA) of 2009, which made several significant modifications to HIPAA. On January 25, 2013, the US Department of Health and Human Services (HHS) released the Omnibus Final Rule, which implemented changes to HIPAA pursuant to HITECH and the Genetic Information Nondiscrimination Act (GINA) of 2008. The Omnibus Final Rule also made additional changes to the HIPAA regulations. The Omnibus Final Rule became effective on March 26, 2013, and its compliance date was September 23, 2013.

Do you have a question regarding HIPAA?  Call the DHMH Privacy Officer at (410) 767-5784.  Or submit a written question/ complaint to:

MDH - Office of the Inspector General
Privacy Officer
201 W. Preston St.
Baltimore, MD 21201

To find our more about HIPAA, please visit the links on the sides of this page for everything you need to know.