The Health Insurance Portability and Accountability Act (HIPAA) was designed to improve the efficiency and effectiveness of the health care system and requires many things, including the standardization of electronic patient health, administrative and financial data. In response to the original HIPAA law, Health and Human Services (HHS) published an additional regulation referred to as the Privacy Rule that relates directly to organizations involved in health care operations that transmit health information electronically.
Typical organizations covered by HIPAA include:
- health plans;
- health care clearinghouses (billing companies);
- health care providers (“covered entities”) that transmit health information electronically; and
- their business associates.
The HIPAA Privacy Rule:
- Establishes conditions under which PHI can be used within a Covered Entity and disclosed to others outside that entity;
- Grants individuals certain rights regarding their PHI;
- Requires that Covered Entities maintain the privacy and security of PHI.
HIPAA also establishes security and privacy standards for the use and disclosure of “protected health information” (PHI).