Course: HIPAA Privacy Compliance Training Course...

Introduction to HIPAA

Introduction

What is HIPAA?

  • HIPAA stands for the “Health Insurance Portability and Accountability Act”
  • It was passed by Congress in 1996
  • Requests to gather public comment delayed HIPAA’s starting date until 2003

HIPAA requires many things, including the standardization of electronic patient health, administrative and financial data. It also establishes security and privacy standards for the use and disclosure of “protected health information” (PHI).

HIPAA’s Important Parts

The Health Insurance Portability and Accountability Act (HIPAA) provides federal protections for patient health information and gives patients rights regarding their information. The rules include:

  • Privacy Rule: Protects the privacy of individual health information.
  • Security Rule: Sets national standards for securing electronic protected health information (ePHI).
  • Breach Notification Rule: Requires notification after a breach of unsecured protected health information (PHI).

Covered Entities (CEs) must follow all three rules, while Business Associates (BAs) must follow the Security and Breach Notification Rules and certain parts of the Privacy Rule.

HIPAA’s privacy and security requirements apply regardless of the entity’s size or the volume of PHI it handles. This means private practices, medical practices, dental practices, nursing homes, physical therapy practices, solo practices (such as psychologists), business associates, hospitals, and healthcare systems of all sizes must comply with HIPAA’s regulations.