Health Insurance Portability and Accountability Act (HIPAA)

- The HIPAA Privacy Rule protects the privacy of individually identifiable health information.
- The HIPAA Security Rule sets national standards for the security of electronic protected health information (EPHI).

Effective April 14, 2004, all covered entities must have Business Associate Contracts with their business associates that contain the mandatory provisions required by the Privacy Rule.

The Privacy Rule requires covered entities to guard against misuse of personally identifiable health information and limit the sharing of such information. The Privacy Rule also grants consumers significant rights regarding the use and disclosure of their health information.

The Security Rule requires covered entities to implement basic safeguards to protect electronic protected health information (EPHI) from unauthorized access, alteration, deletion, and transmission. The security standards define the administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of EPHI.

All health care providers, health plans, health care clearinghouses, Medicare prescription drug card sponsors and other health care service providers who generate, use, transmit and store electronic patient records must comply with HIPAA standards.