

What is HIPAA?

Information about the Health Insurance Portability and Accountability Act of 1996


What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act (also known as the Kennedy-Kassebaum Act). Among other requirements, HIPAA calls for national standards for electronic healthcare transactions. See also Wikipedia's article on HIPAA.

HIPAA requires that organizations that deal with electronic patient healthcare information protect the security and confidentiality of that data.

What organizations are impacted?

Virtually all organizations that deal with electronic patient healthcare information are affected. This includes (but is not limited to): healthcare providers, health plans, physicians’ offices, public health authorities, healthcare clearinghouses, pharmacies, organ, blood and sperm donation banks, and long-term care facilities.

Also included are entities that handle, exchange or store private electronic health information on behalf of those organizations, such as self-insured employers, life insurers, billing agencies, information systems vendors, various service organizations, and universities. In many cases, HIPAA provisions have led to extensive changes in medical recordkeeping and billing systems.

When was HIPAA enacted?

HIPAA is currently law. It was enacted on August 21, 1996.

Most organizations have 24 months from the effective date of a final rule to achieve compliance. The final Security Rule was published in February 2003 and took effect on April 21, 2003; covered entities had to comply by April 20, 2005 (small health plans were given an extra year, until April 20, 2006).

What are the penalties for non-compliance with HIPAA?

HIPAA includes severe penalties, both civil and criminal, for non-compliance. As set in the 1996 statute, these include:

  • Civil fines of $100 per violation, up to $25,000 per calendar year for violations of the same standard.
  • Criminal fines of up to $50,000 and/or one year of imprisonment for knowingly obtaining or disclosing individually identifiable health information, rising to $100,000 and/or five years when the offense is committed under false pretenses, and to $250,000 and/or ten years when it is committed with intent to sell, transfer or use the information for commercial advantage, personal gain or malicious harm.

Note that these are the original amounts; the HITECH Act of 2009 raised the civil penalty tiers substantially (to a maximum of $1.5 million per provision per calendar year, since adjusted for inflation), so check the current HHS figures.

Individuals also have the right to file a formal complaint with the U.S. Department of Health and Human Services (HHS) for violations of HIPAA regulations. HHS, through its Office for Civil Rights, may investigate and penalize organizations.

What are the requirements of HIPAA?

There are several parts to HIPAA’s “Administrative Simplification” provision. Our focus here is on the Security Rule section.

Security Rule:

  • Mandates the security of electronic medical records pertaining to an individual, requiring that covered entities ensure the confidentiality, integrity, and availability of all electronic protected health information that the entity creates, receives, maintains, or transmits.

  • Requires entities to protect against any reasonably anticipated threats or hazards to the security or integrity of all electronic protected health information, protect against reasonably anticipated uses or disclosures of such information, and ensure compliance by their workforce.

  • Specifically, the standards are organized into three categories of safeguards (45 CFR 164.308 through 164.312):
    • Administrative safeguards – a documented risk analysis and risk management process, a named security official who is responsible for the program, workforce security and training, and contingency planning (backup, disaster recovery, emergency mode operation)
    • Physical safeguards – facility access controls, workstation use and security policies, and device and media controls covering the disposal and re-use of hardware that holds electronic protected health information
    • Technical safeguards – access control (including unique user identification), audit controls, integrity controls, person or entity authentication, and transmission security

  • Each standard's implementation specifications are either "required" or "addressable". Encryption of data at rest and in transit is addressable: the entity must either implement it or document why it is not reasonable and appropriate and what equivalent measure it uses instead. Addressable does not mean optional, and the decision must be recorded.
