HIPAA & PHI (Health Insurance Portability and Accountability Act & Patient Health Information)
This is for informational purposes only, not an expert guide.
What does HIPAA stand for?
HIPAA stands for the Health Insurance Portability and Accountability Act, a U.S. law enacted to improve how healthcare entities protect sensitive patient health information (PHI) and patient privacy. Since Congress enacted it in 1996, new rules have been added to enhance the existing levels of protection. It is vitally important for organizations to keep up to date with these changes and to understand what HIPAA means for their business practices.
This is an unofficial summary that presents the HIPAA regulatory standards.
- HIPAA Privacy Rule (45 CFR §164.530): The Privacy Rule protects the Personal Health Information (PHI) and medical records of individuals. It places limits and conditions on the uses and disclosures that can and cannot be made without patient authorization. This rule also gives every patient the right to inspect and obtain a copy of their records and to request corrections to their file.
- HIPAA Security Rule (45 CFR §164.308): The Security Rule defines and regulates the standards, methods, and procedures for protecting electronic PHI in storage, in access, and in transmission.
- Transactions Rule: This rule deals with the transactions and code sets used in HIPAA transactions, including:
- Identifiers Rule: HIPAA uses three unique identifiers for covered entities that use HIPAA-regulated administrative and financial transactions.
- Enforcement Rule: Derived from the ARRA HITECH Act provisions for violations that occurred before, on, or after the February 18, 2015 compliance date, this rule expands enforcement of the HIPAA Privacy and Security Rules and increases the penalties for violations.
Check federal regulations and your compliance obligations frequently to ensure you and your team are up to date on requirements, as we are not experts on this matter.