Ohio's HIPAA Law

The Health Insurance Portability and Accountability Act was passed by Congress in 1996. It was created to increase the efficiency of the health insurance industry and protect patients' privacy. The state of Ohio has created an agency to ensure statewide compliance with this law.


The Health Insurance Portability and Accountability Act (HIPAA) is divided into five titles. Title 1 addresses gaining and keeping healthcare. It provides details for certificates of coverage and prohibits discrimination in employee healthcare based on health status. Title 2 simplifies the healthcare system and looks to prevent abuse and fraud. It establishes penalties for wrongly disclosing information and standardizes formats and codes for easy communication. Title 3 addresses health insurance tax law and clarifies certain deductibles. Title 4 deals with group health plans and protection for people with preexisting conditions. Title 5 lays out conditions for company-owned life insurance policies and people who lose citizenship for income tax reasons.


In most cases, HIPAA standards overrule conflicting state laws. However, there are three exceptions to this, as outlined by the U.S. Department of Health and Human Services, which would result in the law of Ohio or any other state overruling the HIPAA. The first exception is a state law that demands greater privacy than the HIPAA. The second is a state law that mandates the revelation of information to a state court, state or local police, state department of health, or other office if it concerns "disease or injury, child abuse, birth, or death, or for public health surveillance, investigation, or intervention." The third exception is a state law that mandates divulging health plan information to some authority, citing the examples of management and financial auditing.

Special Considerations

The U.S. Department of Human Services also states that they will make a decision if a conflict arises that is not addressed by one of the exceptions. A state law will be upheld if it is needed to "prevent fraud and abuse related to the provision of or payment for health care," "to ensure appropriate State regulation of insurance and health plans to the extent expressly authorized by statute or regulation," "for State reporting on health care delivery or costs," or if the law in question is primarily for regulating the "manufacture, registration, distribution, dispensing, or other control" of a controlled substance.

Ohio Enforcement

The Ohio Governor's Office established HIPAA Ohio to create a common structure for all state agencies to effectively and efficiently implement HIPAA regulation. The Ohio Department of Agriculture Services, Department of Aging, Department of Alcohol and Drug Addiction Services, Attorney General, Auditor of State, Budget Management, Department of Health Department of Job and Family Services, Department of Mental Health, Department of Mental Retardation and Developmental Disabilities, Department of Rehabilitation and Corrections, Veterans Home, and Bureau of Workers' Compensation are all member agencies. As HIPAA involves healthcare, the law around it, accounting, and millions of people, employees of all of these agencies work as a part of HIPAA Ohio.

Ohio Leadership

HIPAA Ohio is governed by the Executive Leadership Committee, a group of agency leaders. This committee has the final say in all HIPAA-related financial, policy, and managerial matters and is responsible for communicating with other states and agencies. The Deputy Directors Project Management Team is in charge of outlining objectives. The Technology Partners Committee and the Business Partners Committee look at policy and assign issues for work groups to resolve. Work groups are in charge of developing policies for the state to best implement HIPAA regulation as well as writing up legal contracts, codes and educational materials for health care providers and others who need to understand HIPAA regulation.

Related Articles