HIPAA is the United States Health Insurance Portability and Accountability Act of 1996.
There are two sections to the Act. HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs. HIPAA Title II includes an administrative simplification section which deals with the standardization of healthcare-related information systems. In the information technology industries, this section is what most people mean when they refer to HIPAA.
HIPAA establishes mandatory regulations that require extensive changes to the way that health providers conduct business. The key components of Administrative Simplification include:
- Standardized electronic transmission of common administrative and financial transactions (such as billing and payments)
- Unique health identifiers for individuals, employers, health plans, and heath care providers
- Privacy and security standards to protect the confidentiality and integrity of individually identifiable health information
The HIPAA regulations apply to Health Plans, Health Care Clearinghouses (Entities that facilitate electronic transactions by “translating” data between health plans and providers when they use non-compatible information systems), and Health Care Providers who transmit health information in electronic form in connection with one or more of the eight covered transactions.
Business associates of a covered entity are not directly controlled by the regulations, but mandatory contracts require them to protect the privacy of individually identifiable information. Government agencies specifically named in the regulations are covered entities, as are agencies that function as a health plan or a health care provider.
A supplemental act was passed in 2009 called The Health Information Technology for Economic and Clinical Health (HITECH) Act which supports the enforcement of HIPAA requirements by raising the penalties of health organizations that violate HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and increased use, storage and transmittal of electronic health information.