Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Introduction

The Standards for Privacy of Individually Identifiable Health Information, known as the "Privacy Rule," establish national standards for protecting certain health information for the first time. Issued by the U.S. Department of Health and Human Services (HHS) to implement the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Privacy Rule addresses the use and disclosure of "protected health information" by covered entities and gives individuals rights to understand and control how their health information is used. The Office for Civil Rights (OCR) within HHS is responsible for enforcing these standards through compliance activities and civil penalties.

A key goal of the Privacy Rule is to safeguard individuals' health information while allowing necessary access to promote high-quality health care and protect public health. It strikes a balance between facilitating important information use and ensuring patient privacy. This summary highlights key elements of the Privacy Rule but is not a comprehensive compliance guide; entities must comply with all applicable requirements. For complete details and further resources, please refer to the Privacy Rule section. In case of any discrepancies, the Rule takes precedence.

Who is Covered by the Privacy Rule

The Privacy Rule and all Administrative Simplification rules apply to health plans, healthcare clearinghouses, and any healthcare provider that electronically transmits health information related to HIPAA transactions (referred to as “covered entities”). To find out if you are covered, use CMS’s decision tool for assistance.

Health Care Providers

All healthcare providers, regardless of size, that electronically transmit health information related to specific transactions, such as claims or benefit inquiries, are considered covered entities under HIPAA. Using electronic technology alone is not enough: the transmission must be connected to a standard transaction. Covered providers include both institutional providers (like hospitals) and individual practitioners (like physicians and dentists) that furnish, bill, or receive payment for healthcare services.

Business Associate Defined

A business associate is an individual or organization, excluding a covered entity’s workforce, that performs functions or provides services involving the use or disclosure of individually identifiable health information, such as claims processing and billing. However, if their functions do not involve protected health information or any incidental access, they are not considered business associates. Notably, a covered entity can also serve as a business associate for another covered entity.

Health Care Clearinghouses

Healthcare clearinghouses process nonstandard information from other entities into a standard format or vice versa, typically receiving individually identifiable health information while providing processing services to health plans or providers as business associates. Only specific Privacy Rule provisions apply to their use and disclosure of protected health information. Examples of healthcare clearinghouses include billing services and repricing companies.

What Information is Protected

  • Protected Health Information

    The Privacy Rule protects "individually identifiable health information," referred to as "protected health information (PHI)," held by covered entities or their business associates. This includes details about an individual's health, healthcare, or payment, along with common identifiers like name and Social Security Number. It excludes employment records maintained by covered entities as employers and certain educational records under the Family Educational Rights and Privacy Act.

  • De-Identified Health Information

    There are no restrictions on using or disclosing de-identified health information, which neither identifies nor allows for the identification of an individual. Information can be de-identified in two ways: through a formal determination by a qualified statistician or by removing specified identifiers of the individual and their relatives, household members, and employers, provided the covered entity has no knowledge that the remaining information could identify the individual.
