Health Insurance Portability and Accountability Act (HIPAA)

What is the Health Insurance Portability and Accountability Act (HIPAA)?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted in the United States to improve the handling, protection, and privacy of personal and health information of individuals. It consists of (5) titles that specify the availability of health plans, the privacy and security of health and personal information, medical savings account guidelines, rules on pre-existing conditions, and provisions for corporate tax deductions of company-owned life insurance.  For privacy, HIPAA has numerous provisions in Title II regarding access, privacy and the use of personal and health information.

What are some of the ways HIPAA addresses the privacy of individuals’ health and personal information? 

  • Privacy rule: defines what information is protected health information (PHI), prescribes how information can be disclosed and requires health organizations to take reasonable steps to ensure the privacy of PHI.
  • Right to access: provides individuals the right to access their PHI and/or to transfer their information to other providers.
  • Security rule: provides for the protection of PHI via (3) distinct safeguards; administrative, physical, and technical.  Administrative safeguards deal with the policies and procedures of health organizations. Physical safeguards specify how computer hardware and software devices can be accessed by individuals and protected physically. Technical safeguards provide guidance on the technical controls that ensure that PHI access is limited to authorized users, protected from malicious access and activities and that systems are configured and maintained to limit known vulnerabilities.

Here are additional resources to learn more about HIPAA: