Answer: Organizations under the federal HIPAA privacy law are expected to do all of these things: provide cover for identifiable personal information about the "past, present or future physical or mental health conditions of patients.
Explanation: Privacy protections come from both federal and state law, and the HIPPA privacy law contains rules about who can access health information, and under what circumstances these information can be given. The law thus governs health care providers, health plans, and health information clearinghouses, their business associates, and the workers for those organizations. Organizations under the HIPAA privacy law must cover identifiable personal information about the "past, present or future physical or mental health condition of patients in any form or medium, as long as it is identified (or identifiable) as a particular patient's information and data.
