Health Insurance Portability and Accountability Act


Health Insurance Portability and Accountability Act (HIPAA) is a United States Federal Law and a Federal Health Care Law.

As our primary focus is "data", and specifically Health information, we will concentrate on the "Security Rule" provisions and the data-transmission aspects of the Health Insurance Portability and Accountability Act.


Health Insurance Portability and Accountability Act (HIPAA)

In basic terms, under the Health Insurance Portability and Accountability Act, the HIPAA Privacy Rule covers Protected Health Information in any medium, while the HIPAA Security Rule covers electronic Protected Health Information.

Also known as the Kennedy-Kassebaum Act, the Act includes a section, Title II, entitled Administrative Simplification, requiring Compliance:

  1. Improved efficiency in healthcare delivery by standardizing electronic data interchange, and
  2. Protection of confidentiality and security of health data through setting and enforcing standards.

More specifically, HIPAA called upon the United States Department of Health and Human Services (HHS) to publish new Regulatory compliance rules that will ensure:

  1. Standardization of electronic patient health, administrative and Financial Data
  2. Unique health identifiers for individuals, employers, health plans and health care providers
  3. Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

Effective compliance requires organization-wide implementation. Compliance requirements include:

  • Building initial organizational awareness of HIPAA
  • Comprehensive assessment of the organization's privacy practices, information security systems and procedures, and use of electronic transactions
  • Developing an action plan for compliance with each rule
  • Developing a technical and management infrastructure to implement the plans
  • Implementing a comprehensive implementation action plan, including
    • Developing new policies, processes, and procedures to ensure privacy, security and patients' rights
    • Building business associate agreements with business partners to support HIPAA objectives
    • Developing a secure technical and physical information infrastructure
    • Updating information systems to safeguard Protected Health Information (PHI) and enable use of standard claims and related transactions
    • Training of all workforce members
    • Developing and maintaining an internal privacy and security management and enforcement infrastructure, including providing a Privacy Officer and a Security Officer

Data Generated By Patient

Generally, Data Generated By Patient is "mostly outside of the disclosure restrictions and requirements found in the Health Insurance Portability and Accountability Act (HIPAA)"[1]
