The Basics of HIPAA: Quick roundup

Most people are generally familiar with the acronym HIPAA, the federal law that protects the privacy of an individual’s health information: the Health Information Portability and Accountability Act of 1996. We encounter it every time we visit a medical office.

What tends to get the most attention from businesses that may be affected by the law is the first section of the act, the Privacy Rule. This portion of the law sets the standards and restrictions defining when an individual’s health data may be used and disclosed. It is easy to find information about this part of the law. However, the law also has a Breach Notification Rule, which specifies the required actions an entity must take when the Privacy Rule has been violated. 

Some background on HIPAA

To make sense of your notification obligations under HIPAA, let’s take some time to define what HIPAA is all about.

What is HIPAA?

HIPAA was passed in 1996, and then it was strengthened and expanded in 2006 with the passage of the HITECH Act. This Act recognized the expansion of electronic health records and significantly increased the penalties for, and enforcement of, HIPAA rules, including a requirement for audits by the Department of Health and Human Services (HHS) of those who are covered by the law. HIPAA creates three basic rules regarding patient healthcare data.

  1. The Privacy Rule – This rule creates a right for patients to have the privacy of their healthcare data secured and sets standards about how health data may be used and when it may be disclosed.
  2. The Security Rule – This second part creates security regulations regarding all Protected Health Information and electronic Protected Health Information (PHI/ePHI). It defines what must be done to protect patient data privacy.
  3. The Breach Notification Rule – This rule states to whom and when notification must be made when a breach of patient data privacy has occurred.

It is important to be aware of the Breach Notification Rule because failure to adhere to its timelines can result in significant penalties. We have recently released an e-guide that discusses the Breach Notification Rule in depth and can help you understand your obligations under this HIPAA rule. Click here to download our e-guide.