HIPAA Title  
HIPAA Title Title Bar
HIPAA Title   Question Title Bar Disclaimer Title Bar FAQ Title Bar Search Title Bar
Title Bar Title Bar
Title Bar Title Bar
Title Bar
What Is HIPAA?

- What is HIPAA? - What are the penalties for not complying?
- What are the HIPAA regulations? - What is the deadline for complying with HIPAA?
- How are Rules (Regulations) Made? - Other Helpful Information in Understanding HIPAA
- What part of HIPAA is DHHS
  focusing on?
- Other HIPAA Related Links

bullet What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), also known as HIPAA, was enacted as a Congressional attempt to reform healthcare. The purpose of the Act is to:
  • Improve portability and continuity of health insurance coverage in the group and individual markets;
  • To combat waste, fraud, and abuse in health insurance and health care delivery;
  • To promote the use of medical savings accounts;
  • To improve access to long-term care services and coverage;
  • To simplify the administration of health insurance; and
  • Other purposes.

Title I of the HIPAA law deals with health care access, portability, and renewability with the intention of protecting health insurance coverage for workers and their families when they change or lose their jobs. Title II of the law, also known as "Administrative Simplification", deals with preventing health care fraud and abuse.

The "Administrative Simplification" aspect of that law requires the United States Department of Health and Human Services (HHS) to develop standards and requirements for maintenance and transmission of health information that identifies individual patients. These standards are usually referred to as "HIPAA Regulations".

These regulations are designed to:

  1. Improve the efficiency and effectiveness of the healthcare system by standardizing the interchange of electronic data for specified administrative and financial transactions; and
  2. Protect the security and confidentiality of electronic health information.

The requirements outlined by the law and the regulations promulgated by DHHS are far-reaching. Health care organizations that maintain or transmit electronic health information must comply. This includes health plans, health care clearinghouses, and healthcare providers who submit claims electronically. After each final regulation is adopted, small health plans have 36 months to comply. Others, including healthcare providers, must comply within 24 months.


bullet What are the HIPAA regulations?

The components of Title II, Administrative Simplification, of the HIPAA law are called "regulations" (often referred to as "rules" or "standards") and must be implemented to comply with the law. These regulations are as follows:


bullet How are Rules (Regulations) Made?

The US Department of Health & Human Services proposes the rules. Once a rule is approved from within the government, the public is given the opportunity to comment on the proposal, and those comments are analyzed and considered in the development of the final rules. The final rules will have the force of Federal law. Read more about how rules are made.

bullet What part of HIPAA is DHHS focusing on?

The NC DHHS HIPAA Initiative focuses on Title II - the "Administrative Simplification" portion of the law.


bullet What are the penalties for not complying?

It is not yet completely understood how these penalties will be applied. More information will become available when the complete Enforcement Regulation is published. However, the general penalty for failure to comply is:

  • Each violation: $100
  • Maximum penalty for all violations of an identical requirement: may not exceed $25,000

Wrongful Disclosure of Individually Identifiable Health Information:

  • Wrongful disclosure offense: $50,000, imprisonment of not more than one year or both
  • Offense under false pretenses: $100,000, imprisonment of not more than 5 years, or both
  • Offense with intent to sell information: $250,000, imprisonment of not more than 10 years, or both

bullet What is the deadline for complying with HIPAA?

Each HIPAA regulation has a different required compliance date. Refer to the HIPAA Timeline.


bullet Other Helpful Information in Understanding HIPAA:

bullet Other HIPAA Related Links