The HIPAA (Health Insurance Portability & Accountability Act) Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information.

HIPAA, Public Law 104-191, amended the Internal Revenue Service Code of 1986. Also known as the Kennedy-Kassebaum Act, the Act includes a section, Title II, entitled Administrative Simplification, requiring:

  1. Improved efficiency in healthcare delivery by standardizing electronic data interchange, and
  2. Protection of confidentiality and security of health data through setting and enforcing standards.

More specifically, HIPAA called upon the Department of Health and Human Services (HHS) to publish new rules that will ensure:

  1. Standardization of electronic patient health, administrative and financial data
  2. Unique health identifiers for individuals, employers, health plans and health care providers
  3. Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

Who is affected?

Virtually all healthcare organizations – including all healthcare providers, health plans, public health authorities, healthcare clearinghouses, and self-ensured employers – as well as life insurers, information systems vendors, various service organizations, and universities.

Available Documents

Privacy Notice

This document informs you about what we do with your data