Health Insurance Portability and Accountability Act (HIPAA)
What Is the Health Insurance Portability and Accountability Act (HIPAA)?
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. HIPAA requires that covered entities (anyone providing treatment, payment, or operations in healthcare) and business associates (anyone who has access to patient information and provides support for treatment, payment, or operations) meet a defined set of rules.
HIPAA mandates that every covered entity and business associate with access to Personal Health Information (PHI) must have technical, physical, and administrative safeguards in place to protect the integrity of PHI. Should a breach of PHI occur, the organization must follow a defined procedure to notify the affected parties. HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by its Office for Civil Rights (OCR).
HIPAA compliance requires sustained effort. Organizations must make significant investments, including identifying compliance gaps through self-audits, creating remediation plans to correct compliance violations, developing policies and procedures, documenting all efforts they take to become HIPAA compliant, establishing an incident management process, and more.
Failure to comply with HIPAA has serious consequences. A breach of electronic PHI may result in substantial fines, criminal charges, and civil lawsuits. The Office for Civil Rights of the Department of Health and Human Services does not consider ignorance of HIPAA regulations a justifiable defense.