What is HIPAA?

by

HIPAA is the Health Insurance Portability and Accountability Act of 1996, a United States federal law that establishes national requirements for protecting certain health information and sets standards for privacy, security, and breach notification in regulated healthcare activities.

What HIPAA Regulates

HIPAA regulates how protected health information is used, disclosed, and safeguarded by regulated organizations. Protected health information includes individually identifiable health information held or transmitted by a regulated organization in any form, including paper, electronic, and oral communications.

The HIPAA Privacy Rule governs permissible uses and disclosures of protected health information and establishes individual rights related to that information. The HIPAA Security Rule sets administrative, technical, and physical safeguards for electronic protected health information. The HIPAA Breach Notification Rule establishes breach notification duties when unsecured protected health information is compromised.

Who Must Comply With HIPAA

HIPAA applies to HIPAA Covered Entities and Business Associates.

HIPAA Covered Entities include health plans, most healthcare providers that conduct standard electronic transactions, and healthcare clearinghouses. Business Associates are vendors and service providers that create, receive, maintain, or transmit protected health information on behalf of a HIPAA Covered Entity, or provide services involving protected health information.

HIPAA Compliance Components

HIPAA compliance requires written policies and procedures, workforce training, safeguards for electronic protected health information, and processes for responding to incidents and potential breaches. Documentation must support the organization’s compliance posture and allow demonstration of compliance in investigations, audits, and corrective action processes.

Workforce Training Requirement

All workforce members must receive HIPAA training. Annual HIPAA training is industry best practice. Training on HIPAA rules and regulations provides a foundation for workforce understanding before instruction on internal policies and procedures.

Business Associate Training Responsibilities

All staff in a HIPAA Business Associate must receive HIPAA training. All staff must receive security awareness training. Staff with access to protected health information must receive HIPAA training. Annual HIPAA training is industry best practice.

Daniel Lopez

Daniel Lopez is the HIPAA expert behind HIPAA Coach. Daniel has over 10 years experience as a HIPAA trainer and has developed deep experience in teaching HIPAA to healthcare professionals. Daniel has contributed to numerous publications including expert articles on The HIPAA Guide. Daniel is currently a staff writer on HIPAA at the Healthcare IT Journal. Daniel was a subject matter expert for ComplianceJunction's online HIPAA training. Daniel's academic background in Health Information Management is the foundation of his HIPAA expertise. Daniel's primary professional interest is protecting patient privacy, which he believes is the core of the HIPAA regulations and the best route to HIPAA compliance. You can reach Daniel on the contact page of HIPAA Coach and follow him on Twitter https://twitter.com/DanielLHIPAA