The Health Insurance Portability and Accountability Act, known as HIPAA went into effect on April 14, 2003.  This law itself was enacted in 1996 to allow Congress to pass privacy legislation for health care.  Congress did not meet the deadline to pass this legislation, so the U.S. Department of Health and Human Services received authority to write privacy regulations known as the “Final Rule” which was published on December 20, 2000.      HIPAA affects many different aspects of health care.  The Health Information Management department must protect the privacy of patients’ medical information.  When disclosing protected health information, a signed authorization is required except if the information is being disclosed for the following reasons: treatment, payment, or healthcare operations.      Also important, along with Privacy, to the HIPAA Final Rule is the Security portion which also serves to protect patients’ medical information.  This includes protecting computer monitors from the view of the public and keeping medical record information away from public-accessible locations.      Perhaps the piece that scares people most is the penalties for non-compliance with HIPAA by-laws, including $100 for each smaller violation, and up to $250,000 or prison sentence of 10 years for knowingly releasing patient information in violation of HIPAA.  HIM employees have been greatly affected by the new HIPAA rule, perhaps more than anyone, is the Release of Information clerk.  It is very important for this person to have wide knowledge of HIPAA for disclosing information in the correct manner.