Passed by Congress in 1996,

Passed by Congress in 1996, the Health Insurance Portability and Accountability Act (HIPAA) protects the privacy, security, and confidentiality of patients in the American health care system. As Biel-Cunningham (2003) points out, "There are four parts to HIPAA: portability, transaction, privacy and security." Portability prevents preexisting conditions from being impediments to receiving coverage. Transaction refers to the Department of Health and Human Services method of managing data and processing claims and payments. Central to HIPAA are the privacy provisions that protect patient confidentiality. Issues like informed consent are addressed by HIPAA. As the United States Department of Labor (n.d.) points out, HIPAA "includes protections for coverage under group health plans that limit exclusions for preexisting conditions; prohibit discrimination against employees and dependents based on their health status; and allow a special opportunity to enroll in a new plan to individuals in certain circumstances." Therefore, HIPAA covers a wide range of issues related to health care rights.

The HIPAA includes an important privacy rule that "protects the privacy of individually identifiable health information," (U.S. Department of Health and Human Services n.d.). These rights become especially important for patients with chronic illnesses like HIV / AIDS. For one, HIPAA prohibits insurers from discriminating against patients (U.S. Department of Labor n.d.). This means that persons diagnosed with HIV / AIDS have the legal right to retain their insurance coverage even when they move to a new job.

Because privacy is central to HIPAA, patients with HIV / AIDS can also rest assured that employers are not legally allowed access to confidential healthcare data. Discrimination against persons with any chronic illness, either by the insurer or by the health care provider, is prohibited. However, there are loopholes in HIPAA that do make it possible for private information to be shared among interested parties. For example, the Columbia University Medical Center (n.d.) directly states their policy towards uses and disclosure of sensitive HIV / AIDS information: "Columbia University Medical Center will use and disclose HIV / AIDS information in accordance with its extremely confidential nature as required by city, state, and federal laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA)." The instances in which a patient's HIV / AIDS information may be used are surprisingly broad. For example, Columbia University's Medical Center (n.d.) notes that a patient's HIV / AIDS data can be used for "assessing or managing the patient's health; for purposes of providing treatment to, including counseling, or receiving payment for such treatment of the patient; and for purposes of maintaining or managing medical records on behalf of the health care provider." This means that access to patient HIV / AIDS information can be obtained when any of these conditions is deemed satisfactorily met by the health care administrators.

The range of situations in which patient data, including HIV / AIDS information, can be shared or disclosed is startlingly broad. For this reason, patients with HIV / AIDS should be aware of their limited rights. If a health care provider can prove "knowledge of the HIV / AIDS information is necessary to provide appropriate care or treatment to the patient," such information will be disclosed in many circumstances (Columbia University Medical Center n.d.).

HIPAA's privacy protections are even dependent on state law. Moreover, the Department of Health and Human Services does not include special provisions for HIV / AIDS, opening up further possibilities for abuse on the part of health care providers, employers, and insurers. While the "civil and criminal penalties" are in place to "ensure confidentiality and the rights of individuals are protected," persons with HIV / AIDS need to be wary (Biel-Cunningham 2003). As Avert (n.d.) points out, "HIPAA limits but does not completely eliminate the use of preexisting condition exclusions." HIPAA does not protect the rights of patients living with HIV / AIDS as much as it may seem or as much as patients deserve.

The United States Department of Health and Human Services (n.d.) admits the limitations of the HIPAA, acknowledging that life insurers, workers compensation carriers, schools, school districts, child protective service agencies, law enforcement agencies, municipal offices, and even employers are not obliged to follow the provisions of the Privacy Rule. The exceptions to the Privacy Rule are so extensive as to render it practically meaningless, especially with those that have HIV / AIDS. HIV / AIDS is considered to be "extremely sensitive" patient data (Columbia University Health Care Center n.d.). However, access to the extremely sensitive data might be difficult to acquire due to the normative need for informed consent.

Still, inappropriate information disclosure remains a real possibility for persons living with HIV / AIDS and who want to be sure their health records remain private. Part of the reason for increased concern among the HIV / AIDS community is that the disease is highly stigmatized and prejudice remains rampant. According to an international HIV / AIDS charity, "prejudice, negative attitudes, abuse and maltreatment " plague persons with AIDS and HIV (Avert n.d.). Stigma and discrimination prevents access to health care services, due to the "fears of breaches in confidentiality" as well as fears of stigmatization and overt prejudicial treatment (Biel-Cunningham 2003).

Granted, HIPAA does offer some protection for patients with HIV / AIDS. For example, HIPAA "prohibits group health plans from discriminating by denying you coverage or charging additional fees for coverage based on an employee's family member's past or present poor health," (Biel-Cunningham 2003). A patient also has the right to purchase health care insurance when none is provided by the employer. The diagnosis of HIV / AIDS cannot be a barrier to receiving care at no extra cost. Furthermore, a patient "can renew the coverage regardless of any health conditions of individuals covered under the insurance policy," (Biel-Cunningham 2003).

Factors that contribute to HIV / AIDS stigma include the fear of contagion, which is often disproportionate to reality (Avert n.d.). Furthermore, "infection is associated with behaviors (such as homosexuality, drug addiction, prostitution or promiscuity) that are already stigmatized in many societies," (Avert n.d.). Due to prejudice and discrimination, patients with HIV / AIDS may not be receiving equal access to health care services. As Avert (n.d.) points out, "fear of stigma and discrimination as the main reason why people are reluctant to be tested, to disclose HIV status or to take antiretroviral drugs." Not only does stigma prevent individual access to care, thereby hindering positive prognoses. Stigma actually leads to the proliferation of the disease. Persons afraid of the stigma might not get tested for HIV / AIDS, which would then cause them to infect future sex partners if they were positive. Also, patients who do not receive adequate care may be engaging in destructive behaviors due to lack of access to information or prevention. Prejudice and stigma "contribute to the expansion of the epidemic (as a reluctance to determine HIV status or to discuss or practice safe sex means that people are more likely to infect others) and a higher number of AIDS-related deaths," (Avert n.d.). If HIV / AIDS patients are concerned that HIPAA does not offer them enough protection against the disclosure of sensitive data, then receiving quality of care becomes a public health issue. Therefore, the ramifications of improper information disclosure are ethical, social, legal, and financial.