HIPAA Security FAQ

What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act, passed by Congress in 1996. This complex law regulates a number of healthcare areas, including portability of healthcare benefits, claims fraud and abuse, privacy of patient information, security of information systems used by healthcare organizations and simplification of electronic standards for administrative and financial transactions. The U.S. Department of Health and Human Services (HHS) is issuing many of the regulations required by the legislation. Individuals and organizations regulated by HIPAA include all healthcare providers, health plans and healthcare clearinghouses.

What is important about HIPAA?

One of HIPAA’s most important requirements is that healthcare organizations must implement appropriate administrative, technical and physical safeguards to protect the privacy of patient information. Information subject to this requirement is called Protected Health Information or PHI and is defined as “any information which identifies or could be used to identify an individual and has anything to do with past, present or future physical or mental health conditions, care or payment for care”.