What is HIPAA – Health Insurance Portability and Accountability Act


What is HIPAA?

HIPAA stands for Health Insurance Portability and Accountability Act. Passed in 1996, HIPAA is a federal law that sets a national standard to protect medical records and other personal health information. The rule defines “protected health information” as health information that:

1. Identifies an individual and

2. Is maintained or exchanged electronically or in hard copy.

If the information has any components that could be used to identify a person, it would be protected. The protection would stay with the information as long as the information is in the hands of a covered entity or a business associate. The protections apply to individually identifiable information in any form, electronic or non-electronic. The paper progeny of electronic information is covered (i.e. the information would not lose its protection simply because it is printed out of a computer), and oral communications are also covered.

What is the purpose of HIPAA?

HIPAA was first introduced in 1996. In its earliest form, the legislation helped to ensure that employees would continue to receive health insurance coverage when they were between jobs. The legislation also required healthcare organizations to implement controls to secure patient data to prevent healthcare fraud, although it took several years for the rules for doing so to be penned.

HIPAA also introduced several new standards that were intended to improve efficiency in the healthcare industry, requiring healthcare organizations to adopt the standards to reduce the paperwork burden. Code sets had to be used along with patient identifiers, which helped pave the way for the efficient transfer of healthcare data between healthcare organizations and insurers, streamlining eligibility checks, billing, payments, and other healthcare operations.

HIPAA also prohibits the tax-deduction of interest on life insurance loans, enforces group health insurance requirements, and standardizes the amount that may be saved in a pre-tax medical savings account.

How many HIPAA laws are there?

The HIPAA Act of 1996 consists of five main titles:

1. Focus on Health Care Access, Portability, and Renewability

  • Regulates the availability of group and individual health insurance policies.
  • Requires the coverage of and limits the restrictions that a group health plan places on benefits for preexisting conditions.
  • Enables individuals to limit the exclusion period by taking into account how long they were covered before enrolling in the new plan, after any break in coverage.
  • Covers “creditable coverage”, which includes nearly all group and individual health plans, Medicare, and Medicaid.
  • Requires insurers to issue policies without exclusion to those leaving group health plans with creditable coverage exceeding 18 months.

2. Preventing Health Care Fraud and Abuse

  • Establishes policies and procedures for maintaining privacy and security of individually identifiable health information, outlines offenses, and creates civil and criminal penalties for violations.
  • Creates programs to control fraud and abuse and Administrative Simplification rules.
  • Requires the Department of Health and Human Services (HHS) to increase the efficiency of the health care system by creating standards.

3. Tax-related health provisions governing medical savings accounts

  • Standardizes the amount that may be saved per person in a pre-tax medical savings account.
  • Makes medical savings accounts available to employees covered under an employer-sponsored high deductible plan for a small employer and self-employed individuals.

4. Application and enforcement of group health insurance requirements

5. Revenue offset governing tax deductions for employers

  • Provides rules for company-owned life insurance for employers paying company-owned life insurance premiums, prohibiting the tax deduction of interest on life insurance loans, company endowments, or contracts related to the company.
  • Repeals the financial institution rule for interest allocation.
  • Amends provisions of law relating to people who give up United States citizenship or permanent residence, expanding the expatriation tax to be assessed against those deemed to be giving up their US status for tax reasons.
  • Makes ex-citizens’ names part of the public record through the creation of the Quarterly Publication of Individuals Who Have Chosen to Expatriate.

What information does HIPAA cover?

The HIPAA Privacy Rule covers all individually identifiable health information that is created, stored, maintained, or transmitted by a HIPAA covered entity or business associate of a HIPAA covered entity. The HIPAA Privacy Rule applies to all forms of PHI, including paper records, films, and electronic health information, even spoken information.

This information is classed as protected health information when it contains identifiers that would allow a patient or health plan member to be identified. HIPAA does not include information in employment records, even if that information is included in the HIPAA definition of individually identifiable health information or protected health information.

Why is HIPAA so important?

The primary goal of HIPAA was to ensure continued insurance coverage for individuals who are between jobs, and its second important goal was to prevent healthcare fraud. Neither can be achieved at a single level: it is important for both healthcare organizations and patients to follow the guidelines.

Importance for Healthcare Organizations

HIPAA introduced a number of important benefits for the healthcare industry to help with the transition from paper records to electronic copies of health information. HIPAA has helped to streamline administrative healthcare functions, improve efficiency in the healthcare industry, and ensure protected health information is shared securely.

The standards for recording health data and electronic transactions ensure everyone is singing from the same hymn sheet. Since all HIPAA-covered entities must use the same code sets and nationally recognized identifiers, this helps enormously with the transfer of electronic health information between healthcare providers, health plans, and other entities.

Importance for Patients

The greatest benefits of HIPAA are for patients. HIPAA is important because it ensures healthcare providers, health plans, healthcare clearinghouses, and business associates of HIPAA-covered entities must implement multiple safeguards to protect sensitive personal and health information.

While no healthcare organization wants to expose sensitive data or have health information stolen, without HIPAA there would be no requirement for healthcare organizations to safeguard data – and no repercussions if they failed to do so.

HIPAA is important for patients who want to take a more active role in their healthcare and want to obtain copies of their health information. Obtaining copies of health information also helps patients when they seek treatment from new healthcare providers – information can be passed on, tests do not need to be repeated, and new healthcare providers have the entire health history of a patient to inform their decisions.

Who is required to follow HIPAA?

  • Health Plans, including health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.
  • Most Health Care Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
  • Health Care Clearinghouses—entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
  • Third-Party—companies that help your doctors get paid for providing health care, including billing companies and companies that process your health care claims.

Who is not required to follow HIPAA?

HIPAA does not protect all health information. Nor does it apply to every person who may see or use health information. HIPAA only applies to covered entities and their business associates.

Organizations that do not have to follow the Privacy and Security Rules include:

  • Life insurers
  • Employers
  • Workers compensation carriers
  • Most schools and school districts
  • Many state agencies like child protective service agencies
  • Most law enforcement agencies
  • Many municipal offices

Can you get fired for violating HIPAA?

The HIPAA Enforcement Rule gave the HHS’ Office for Civil Rights the authority to penalize healthcare organizations that have violated HIPAA Rules. But what about employees who violate HIPAA and patient privacy?

All HIPAA violations should be investigated and acted upon by healthcare organizations; this is actually a requirement of HIPAA. Not all HIPAA violations are equal. If a healthcare employee accidentally discloses too much PHI, that would be a violation of the HIPAA minimum necessary standard, and it would not be of the same severity as snooping on patient records.

When a covered entity or business associate is made aware of a HIPAA violation, an internal investigation should be launched. Depending on the nature of the HIPAA violation, an employee may be suspended pending an investigation, which could end with a verbal or written warning or termination.


Now that you have a good overview of HIPAA, you can check out our other articles to learn more.

If you find this helpful or have any other questions on this, you can tell us using our comments section.
