Health Insurance Portability & Accountability Act of 1996

From Guidelines & Principles
Jump to: navigation, search

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. HIPAA does the following:

  • Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduces health care fraud and abuse;
  • Mandates industry-wide standards for health care information on electronic billing and other processes; and
  • Requires the protection and confidential handling of protected health information

The Privacy Rule

The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.

The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.

Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.

If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules. See definitions of “business associate” and “covered entity” at 45 CFR 160.103.

Information Technology & HITECH

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.[1]

Covered Entities

The term "covered entity" under the HIPAA Privacy Rule refers to three specific groups, including health plans, health care clearinghouses, and health care providers that transmit health information electronically. Covered entities under the HIPAA Privacy Rule must comply with the Rule's requirements for safeguarding the privacy of protected health information.

CMS.gov: Are You A Covered Entity?

CMS.gov: Covered Entity Charts

HRSA.gov: What Is A Covered Entity?

HHS.gov: Fast Facts for Covered Entities

Resources

HHS.gov Summary of the HIPAA Privacy Rule

Venable LLP: What Your Nonprofit Needs to Do about HIPAA – Now

ProBonoPartner.org: HIPAA Primer for Nonprofit Social Service Agencies

PHDSC.org: Privacy Toolkit for Public Health Professionals

SafeGov.org: HIPAA-HITECH Regulation, the Cloud, and Beyond

SGRLaw.com: HIPAA. It's Not Just for Doctors Anymore

The Angeletti Group: Fundraising Under New HIPAA Regulations

CMS.Gov: Full Text of the Bill

Articles

The Nonprofit Times Patient Information September 15, 2010

Notes

  1. http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html