HIPAA (Health Insurance Portability and Accountability Act)

What Is HIPAA?

HIPAA stands for Health Insurance Portability and Accountability Act.  Signed into law by President Bill Clinton in 1996, HIPAA is designed to ensure greater privacy and accountability for sensitive health information. 

The 5 Titles of HIPAA

Title I

Title I of HIPAA protects health coverage for people who lose their job and prevents health insurance companies from denying people with pre-existing conditions. 

Title II

Title II of HIPAA calls for national standards to protect sensitive information when processing electronic healthcare transactions. 

Title III

Title III of HIPAA sets tax guidelines for healthcare. 

Title IV

Title IV of HIPAA establishes further provisions for people with pre-existing conditions. 

Title V

Title V of HIPAA is concerned with company life insurance and treatment for those who lose their U.S. citizenship.

When people refer to "HIPAA compliance," they're typically referring to Title II, and that remains the dominant aspect of the legislation that is still relevant today. For this reason, Title II is what we'll be focusing on.

When and Why HIPAA Law Was Passed

HIPAA was passed in August of 1996 as part of President's Clinton's sweeping healthcare reform. Title II was established due to a growing concern over cyber vulnerability. Before this law was passed, there was no firmly established set of rules for protecting private medical information, and the growing shift from paper to online processing necessitated a set of rules for safeguarding people's records. 

Being HIPAA Compliant

By law, any business or entity that processes protected health information (PHI) must be HIPAA compliant. Specifically, they must ensure that all of the established security measures are followed.

How to Become HIPAA Compliant

In order to become HIPAA compliant, you must first familiarize yourself with the four rules:

HIPAA Privacy Rule:

Establish technical, physical and administrative safeguards for all sensitive medical information. 

HIPAA Security Rule:

Do not disclose sensitive medical information in accordance with the law. 

HIPAA Enforcement Rule:

Know the rules and procedures regarding HIPAA violations. 

HIPAA Breach Notification Rule:

Notify patients when their private information has been breached. 

This is just a quick overview. In order to better understand the law and take the first steps toward HIPAA compliance, visit the Health and Human Services website and familiarize yourself with the law in depth. 

Who Must Follow HIPAA Laws?

HIPAA laws must be followed by any health organization that manages, maintains or processes sensitive information. This includes healthcare clearinghouses and healthcare providers. It also includes third parties with access to these companies' information. 

Who Is Not Required to Follow HIPAA Laws?

There are certain organizations that may have access to sensitive health information but are nevertheless exempt from HIPAA's requirements. These tend to be organizations that aren't health-specific, such as schools, employers, life insurance companies, and many state agencies and law enforcement agencies. 

Protected Information

In order to understand how HIPAA operates, you need to understand what information is actually protected, and how it's protected.

How Is Information Protected?

HIPAA-compliant entities are required to protect sensitive information using physical as well as technological safeguards, including the use of HIPAA-compliant web hosting providers. Health disclosures must also be avoided except where permitted by law.

What Information is Protected?

Anything in your medical record that would be “individually identifiable is considered privileged and protected information, along with any conversations between you and your healthcare provider.  This means that medical information can still be used for broad statistics or studies so long as they information doesn’t give details about an individual’s medical records.