HIPAA Application

• A business and organization that must comply with the HIPAA privacy rule is referred to as a covered entity under HIPAA. Covered entities include health plans (such as HMOs and insurance companies), health-care clearinghouses and health-care providers who conduct business electronically.
  
  

Consumer Rights under HIPAA

• HIPAA provides patients with the right to inspect their medical records for accuracy. Patients also have a right to know who has access to their private health information and how the records may be used. Consumers may file a complaint with the Department of Health & Human Services (HHS) Office for Civil Rights concerning a disclosure or noncompliance issue.
  
  

Consumer Rights Under FACTA

• FACTA authorizes consumers to request that credit agencies place a fraud alert in their file. Consumers may also obtain two free credit reports in a 12-month period following the placement of a fraud alert in their file. FACTA authorizes consumers to request applications and other information from businesses and financial institutions concerning fraudulent transactions.
  
  

State Laws

• In most instances, HIPAA preempts state health-privacy laws. However, if a state health-privacy law is more stringent, it may supersede HIPAA. Conversely, under FACTA, in cases of fraud and identity theft, consumers may have additional rights under state law. As a result, the Federal Trade Commission (FTC) encourages consumers to speak with state consumer-protection agencies also.
  
  

Enforcement

• HIPAA is enforced by the HHS Office for Civil Rights. FACTA is enforced by the FTC.