THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

  • The Health Insurance Portability and Accountability Act (HIPAA)-1996 is the framework for the health industries. The HIPAA legislative statute includes five titles. 
  • The Administrative Simplification portion of HIPAA (Title II) mandated six interrelated standards – resulting in the HIPAA Privacy and the HIPAA Security Rules.
  • A Federal law to protect patients’ privacy consists of:
  • HIPAA Privacy Rule – protects the privacy of individually identifiable health information;
  • HIPAA Security Rule – sets national standards for the security of electronic protected health information;
  • HIPAA Breach Notification Rule – requires covered entities and business associates to provide notification following a breach of unsecured protected health information;
  • Patient Safety Rule – protect identifiable information being used to analyze patient safety events and improve patient safety

Who is affected

Covered Entity (CE)

  • Health care providers who transmit any health information electronically-Hospital
    • Health Plans- Heath insurance companies
    • Health care clearinghouse-Translates data content/Billing services/Intermediaries

CE: electronically transmit any health information in connection with transactions for which HHS has adopted standards.

  • Business Associate (BA) Business Associate (BA) performs functions on behalf of a covered entity
    • Data analysis, claims processing, quality assurance review, data storage, etc.
    • BAs may “create, receive, maintain, or transmit” PHI.
    • Entities and subcontractors that merely store PHI are also considered Bas

Area affected

error: Content is protected !!