- HIPAA stands for the Health Insurance Portability and Accountability Act of 1996.
- HIPAA was passed to protect patient health information and ensure privacy.
- The HIPAA Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate.
- HIPAA applies to all health care providers, health plans, health care clearinghouses, and any other entities that create, store, transmit, or manage patient health information.
- HIPAA requires covered entities to have physical, administrative, and technical safeguards in place to protect patient health information.
- HIPAA also requires covered entities to provide individuals with access to their own health information and an accounting of disclosures.
- HIPAA also requires covered entities to comply with certain administrative requirements, such as developing policies and procedures and training staff.
- Covered entities are required to report any breaches of unsecured protected health information (PHI) to the Department of Health and Human Services.
- Violations of HIPAA can result in civil and criminal penalties.
- HIPAA is enforced by the Department of Health and Human Services’ Office for Civil Rights.