THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
The HIPAA Privacy Rule
The HIPAA Privacy Rule, which became effective April 14, 2003, and the HIPAA Security Rule, which required full compliance by April 21, 2005, are federal law. Anyone not in compliance can face up to $250,000 in fines and jail time of up to 10 years.
The HIPAA Privacy Rule applies to protected health information (PHI) in all forms (oral, written, and electronic) as well as the use and disclosure of an individual's health information. Its purpose is to ensure that an individual's health information is properly protected, and to let individuals understand and control how their health information is used.
The HIPAA Security Rule
The HIPAA Security Rule applies to PHI only in electronic form: essentially, patients' medical records and other personal health care information. It mandates that electronically stored or transmitted personal health information be kept confidential and protected against unauthorized users and any threats to its security or integrity. The rule is intended to set a minimum level, or floor, of security. Some businesses may find that their business strategies require stronger protections.
The Health Insurance Portability & Accountability Act of 1996 (HIPAA) calls for improved efficiency in the healthcare industry through the standardization of electronic data interchange, as well as the protection of confidentiality and security of health data through rigorously enforced regulations. This means, in order to reach compliance with HIPAA, healthcare organizations (and virtually any organization that handles personal health care information) must meet standardization requirements for electronic patient health, administrative, and financial data. Additionally, security standards established by HIPAA exist to protect the confidentiality and integrity of "individually identifiable health information." This applies to current and future records, as well as archived past information.
The new HIPAA regulations apply to every healthcare organization. Healthcare providers, health plans, employers, public health authorities, life insurers, clearing houses, billing agencies, information systems vendors, service organizations, and universities are all accountable to the HIPAA requirements. Compliance for the Transactions Rule took effect October 16, 2002. For the Privacy Rule, compliance is mandated by April 14, 2003.
Garrison Records Management can help you meet HIPAA requirements, simply and painlessly. We can keep you compliant regarding privacy and chain of custody of personal health information. We understand the HIPAA regulations, and have been working with our clients to meet HIPAA guidelines since the rules were initially published. We can help ensure your healthcare organization is HIPAA compliant, too.
For many in the healthcare industry, the need to meet HIPAA requirements could cause a number of headaches and data processing bottlenecks. Contact us at Garrison Records, or for more information visit http://www.hhs.gov/news/facts