Health Insurance Portability and Accountability Act | HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. statute enacted in 1996, designed to address multiple aspects of healthcare administration, with a strong emphasis on safeguarding the privacy and security of patient health information.

HIPAA aims to enhance the portability and continuity of health insurance coverage, combat waste, fraud, and abuse in health insurance and healthcare delivery, promote the use of medical savings accounts, improve access to long-term care services and coverage, and simplify the administration of health insurance.

The act comprises five titles, with Title II – Preventing Healthcare Fraud and Abuse; Administrative Simplification; Medical Liability Reform, carrying the majority of provisions applicable to Picture Archiving and Communication Systems (PACS) and other medical imaging informatics tools. Title II includes stipulations for unique health identifiers, standardizing transactions and code sets, and importantly, ensuring privacy and security of health information.

While HIPAA’s original intent was to simplify and standardize information exchange between insurance companies and providers, the provision that health information must be exchanged securely to protect patient privacy has gained significant attention. Consequently, HIPAA has become synonymous with the privacy and security of patient information.

HIPAA stipulates that all patient data within a healthcare organization must be secured, irrespective of whether it’s transmitted electronically, stored digitally, or in written format. HIPAA implementation divides individual security requirements into three categories: administrative safeguards, physical safeguards, and technical safeguards.

As a U.S. statute, HIPAA applies to U.S. healthcare institutions, healthcare practitioners, and vendors that provide healthcare-related products and services within the U.S. However, its influence extends beyond U.S. borders as other countries have enacted similar regulations, or use HIPAA as a guideline to formulate privacy and security measures for medical information. Moreover, some regions, like the European Union, have enacted more stringent regulations such as the General Data Protection Regulation (GDPR), which imposes stricter standards for data protection, including health information, than those stipulated by HIPAA.

The HIPAA home page is: http://www.hhs.gov/ocr/hipaa/

A well-formatted copy of the HIPAA statute is posted at: http://hippo.findlaw.com/hipaa.html#Anchor2