- The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is the framework for the health industries. The HIPAA legislative statute includes five titles.
- The Administrative Simplification portion of HIPAA (Title II) mandated six interrelated standards – resulting in the HIPAA Privacy and the HIPAA Security Rules.
- A Federal law to protect patients’ privacy consists of:
  - HIPAA Privacy Rule – protects the privacy of individually identifiable health information;
  - HIPAA Security Rule – sets national standards for the security of electronic protected health information;
  - HIPAA Breach Notification Rule – requires covered entities and business associates to provide notification following a breach of unsecured protected health information;
  - Patient Safety Rule – protects identifiable information being used to analyze patient safety events and improve patient safety.
Who is affected
Covered Entity (CE)
- Health care providers who transmit any health information electronically: hospitals
- Health plans: health insurance companies
- Health care clearinghouses: translate data content, billing services, intermediaries
CEs electronically transmit any health information in connection with transactions for which HHS has adopted standards.
Business Associate (BA)
- A Business Associate (BA) performs functions on behalf of a covered entity
- Data analysis, claims processing, quality assurance review, data storage, etc.
- BAs may “create, receive, maintain, or transmit” PHI.
- Entities and subcontractors that merely store PHI are also considered BAs.