Health Insurance Portability and Accountability Act (HIPAA)

What is the Health Insurance Portability and Accountability Act (HIPAA)?

HIPAA, the Health Insurance Portability and Accountability Act of 1996, is United States legislation passed by Congress that provides data privacy and security provisions for safeguarding medical information.

What is the purpose of HIPAA?

  • Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduces health care fraud and abuse;
  • Mandates industry-wide standards for health care information on electronic billing and other processes; and
  • Requires the protection and confidential handling of protected health information.

What are the main components of HIPAA?

  1. HIPAA Health Insurance Reform
  2. HIPAA Administrative Simplification
  3. HIPAA Tax-Related Health Provisions
  4. Revenue Offsets

Who is covered by and must follow HIPAA?

The HIPAA Privacy Rule applies to organizations that are considered HIPAA-covered entities, including health plans, healthcare clearinghouses and healthcare providers. In addition, the HIPAA Privacy Rule requires covered entities that work with a HIPAA business associate to produce a contract that imposes specific safeguards on the PHI that the business associate uses or discloses.

What are the HIPAA Security Rules?

The Security Standards for the Protection of Electronic Protected Health Information, commonly known as the HIPAA Security Rule, establishes national standards for securing patient data that is stored or transferred electronically. The rule requires the placement of safeguards, both physical and electronic, to ensure the secure passage, maintenance and reception of protected health information (PHI).

What are the Penalties for Violations of HIPAA Rules?

HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision.

How do you become compliant?

To comply with the Security Rule’s implementation specifications, covered entities are required to conduct a risk assessment that identifies the threats and hazards to the security of ePHI, and then to implement measures that protect against those threats and against uses and disclosures of information that the Privacy Rule does not permit.

A risk assessment should be tailored to the covered entity’s circumstances and environment, including the following:

  • Size, complexity and capabilities of the covered entity
  • The covered entity’s technical infrastructure, hardware and software security capabilities
  • The probability and criticality of potential risks to ePHI
  • The costs of security measures

HIPAA compliance can be very complex. To schedule a free one-hour consultation, please fill out the simple form, and one of our cybersecurity professionals will respond to you promptly.


About the Author: Jenny Jo

Jenny Jo is the president and co-founder of MJJT Consultants. Ms. Jo is a Software Engineer, a Cyber Security Auditor, and an IT Project Manager. She is also a Certified Information Security Manager (CISM), which certifies her to audit information systems, as well as design, build, and manage businesses' information security programs.