What is HIPAA?
|The Health Insurance Portability
and Accountability Act of 1996 (Public
Law 104-191), also known as HIPAA, was enacted as
a Congressional attempt to reform healthcare. The purpose
of the Act is to:
- Improve portability and continuity of health insurance
coverage in the group and individual markets;
- To combat waste, fraud, and abuse in health insurance
and health care delivery;
- To promote the use of medical savings accounts;
- To improve access to long-term care services and
- To simplify the administration of health insurance;
- Other purposes.
Title I of the HIPAA law deals with health care access,
portability, and renewability with the intention of
protecting health insurance coverage for workers and
their families when they change or lose their jobs.
Title II of the law, also known as "Administrative
Simplification", deals with preventing health care
fraud and abuse.
The "Administrative Simplification" aspect of that
law requires the United States Department of Health
and Human Services (HHS) to develop standards and requirements
for maintenance and transmission of health information
that identifies individual patients. These standards
are usually referred to as "HIPAA Regulations".
These regulations are designed to:
- Improve the efficiency and effectiveness of the
healthcare system by standardizing the interchange
of electronic data for specified administrative and
financial transactions; and
- Protect the security and confidentiality of electronic
The requirements outlined by the law and the regulations
promulgated by DHHS are far-reaching. Health care organizations
that maintain or transmit electronic health information
must comply. This includes health plans, health care
clearinghouses, and healthcare providers who submit
claims electronically. After each final regulation is
adopted, small health plans have 36 months to comply.
Others, including healthcare providers, must comply
within 24 months.
What are the HIPAA regulations?
How are Rules (Regulations) Made?
|The US Department of Health & Human Services
proposes the rules. Once a rule is approved from within
the government, the public is given the opportunity to
comment on the proposal, and those comments are analyzed
and considered in the development of the final rules.
The final rules will have the force of Federal law. Read
more about how
rules are made.
What part of HIPAA is DHHS focusing on?
|The NC DHHS HIPAA Initiative focuses on Title
II - the "Administrative Simplification" portion of the
What are the penalties for not complying?
It is not yet completely understood how these penalties
will be applied. More information will become available
when the complete Enforcement Regulation is published.
However, the general penalty for failure to comply is:
- Each violation: $100
- Maximum penalty for all violations of an identical
requirement: may not exceed $25,000
Wrongful Disclosure of Individually Identifiable Health
- Wrongful disclosure offense: $50,000, imprisonment
of not more than one year or both
- Offense under false pretenses: $100,000, imprisonment
of not more than 5 years, or both
- Offense with intent to sell information: $250,000,
imprisonment of not more than 10 years, or both
What is the deadline for complying with HIPAA?
|Each HIPAA regulation has a different required
compliance date. Refer to the HIPAA
Other Helpful Information in Understanding HIPAA:
Other HIPAA Related