The Health Insurance Portability and Accountability Act of 1996 (HIPAA – Public Law 104-191) protects personal health information. People have certain rights concerning their health information, including setting boundaries on how entities use the information, establishing proper safeguards, and holding violators accountable. The HIPAA Privacy regulations went into effect on April 14, 2003.

Personal health information may be verbal, written, or electronic communication created, received, or maintained by Texas HHS. It relates to the past, present, or future physical or mental health of any person.

Protected Health Information (PHI) is available to pharmacy staff daily. PHI includes any health care data plus any other identifying information allowing someone to use the data to identify a specific person. Data may consist of claim information, prior authorizations, medical records, or consent forms.

Pharmacy staff should never release PHI to anyone who does not need to know the information. If you are asked about a person's PHI and do not feel the person asking needs to know, immediately refer to your supervisor. You should discuss questions or concerns about PHI with your management.