Here's a handy guideline to HIPPA that was sent to me by the Institute for Paralegal Education. This was apparently written by attorney Heather Brochu (a short bio is at the bottom of this blog):

The primary purpose of HIPPA is to outline circumstances in which an individual's protected health information may be used or disclosed by covered entities.

Covered Entities Under HIPPA

- Health care clearinghouses
- Any plan that pays for medical expenses
- Health care providers who transmit health information in connection with certain transactions

Information Protected Under HIPPA

- Past, present, or future physical or mental health condition
- Specific health care treatment provided to an individual
- The past, present, or future payment of health care treatment

How to Obtain Medical Records

- Subpoena or Authorization
- Records can only be subpoenaed once litigation has begun
- If using a subpoena, you must provide notice to the individual whose records you are requesting
- Authorization must be HIPPA compliant in order to obtain an individual's medical records

Information That Makes an Authorization HIPAA Compliant

- Specific information concerning the information to be released
- The person(s) to whom the information is to be released
- Expiration date of the authorization
- Right to revoke (in writing)

OCR Privacy Rule, United States Department of Health & Human Services (May, 2003)

Heather Brochu is an attorney in the law firm of Clark, Long, Werner & Flynn, P.C., where she practices in the area of civil defense litigation. Prior to becoming an attorney, Ms. Brochu worked as a paralegal. Ms. Brochu earned her B.A. degree in paralegal studies from Notre Dame College in Manchester, NH. She became an attorney through a four year clerkship in Burlington and is admitted to the Vermont Bar. She spoke at IPE's "Medical Record Evaluation for Paralegals" seminar 4-10-2007 in Burlington , VT.