

Who is required to comply?
Healthcare providers, including hospitals, physicians and nurses; public health authorities; pharmacists; life insurers; self-insured employers; and medical billing services.

What is it?
The Health Insurance Portability and Accountability Act, enacted in 1996. It establishes standards for electronic data exchange and for the confidentiality and security of all information related to healthcare. Data must remain accessible to authorized users and auditors while remaining secure and protected from unauthorized sources or usage.

What are the requirements?
There are two components: the Privacy Rule and the Security Rule.

  1. Privacy Rule: Addresses and standardizes how organizations use and disclose health information. This rule protects against unauthorized disclosure of identifiable health information within an organization or its business associates. It covers all media: verbal, paper and, most pertinently, electronic. Health organizations must notify patients of their privacy rights and enforce procedures to protect that information.
  2. Security Rule: Requires that organizations receive, maintain and transmit electronic health information in a safe and confidential manner while keeping it readily available. There are three categories of safeguards for this information: administrative, physical and technical.

What is the cost of non-compliance?
Heavy fines of up to $250K, imprisonment of up to 10 years, and loss of corporate reputation.

What is the significance of HIPAA compliance?

The act provides patients with increased control over how protected health information is used and disclosed. Organizations must standardize policies and procedures to ensure patient confidentiality.