HIPAA stands for Health Insurance Portability and Accountability Act. It is a federal law enacted in 1996 as an attempt at incremental health care reform, and experts consider it to be the most significant health care legislation since Medicare in 1965.

HIPAA's intent is to reform the healthcare industry by reducing costs, simplifying administrative processes and burdens, and improving the privacy and security of patients' information.

There are two separate and distinct laws that fall under the HIPAA umbrella: HIPAA Privacy and HIPAA Security. HIPAA Privacy relates to the protection and privacy of individuals' protected health information (PHI), while HIPAA Security relates to the protection and privacy of individuals' protected health information in electronic form (ePHI). HIPAA Privacy is what most of us think about when we hear the term HIPAA (HIPAA Awareness Training, Notice of Privacy Practices, Authorization forms, etc.), whereas HIPAA Security tends to be more the focus of an organization's IT department because it deals with encryption, electronic security, disaster recovery, etc.

Do you have to worry about HIPAA? There are two main classifications under HIPAA: Covered Entities and Business Associates. Covered Entities are those types of organizations/individuals that deal directly with protected health information and consist of healthcare providers, health insurance providers, and employer-sponsored group health plans. Anyone outside of those categories is considered a business associate. Business associates include medical billing companies, medical storage, marketing organizations, software companies, medical device manufacturers, etc.

While the DHHS (Department of Health and Human Services) regulates covered entities, business associates are regulated by the covered entities they work with through a business associate agreement (alternatively called a business associate contract).

HIPAA compliance involves two main components: one being HIPAA training of employees and the other implementing processes, procedures, and forms related to HIPAA.

While a lot of the regulations in HIPAA may seem like common sense, think of them as just providing some level of standardization so an individual and the organizations involved in their care can know what to expect of each other.

HIPAA compliance does not have to be a complicated process and, once set up, can take relatively little effort to maintain.