Medical Privacy: HIPAA Resource and Information Guide

The Health Insurance Portability and Accountability Act, or HIPAA, was introduced in 1996 by the U.S. Congress. HIPAA was created to provide quality health care coverage to individuals and families who had changed or lost their jobs, as many insurance providers would lower coverage or charge exorbitant premiums when a person changed carriers. Another primary objective was to create national standards for electronic health care transactions and to protect private information. The group of regulations within HIPAA worked to combat fraud, waste, and abuse within the health care system.

HIPAA’s Privacy Rule took effect on April 14, 2003 and covered payment histories and medical records. This gave patients control over how their health care information is used and/or disclosed. Those who went against this privacy rule were subject to a strict investigation and held accountable to civil or criminal penalties. In 2005, HIPAA required all health care providers to file their information electronically under the Code Set Rules. These codes are based on electronic data interchange (EDI) standards, which allow information to be transferred from computer to computer without human interference. The final two rules, the Enforcement Rule and the Unique Identifiers Rule, were passed in February and May of 2006. The Enforcement Rule set out a list of penalties for violating the standards of HIPAA, while the Unique Identifiers Rule forced each entity to apply for a National Provider Identifier (NPI) number and to cover electronic transactions made by insurance companies.

Under HIPAA, protected health information (PHI) is linked to a list of eighteen identifiers that must be protected and kept private. These include identifiers such as names, locations, dates, phone and fax numbers, e-mail addresses, medical record numbers, beneficiary and account numbers, license numbers, vehicle and serial numbers, device identifiers, web uniform resource locators (URLs), Internet Protocol (IP) addresses, biometric identifiers, photographic images, and any other identifying characteristic.

It’s essential for anyone who handles patient documentation to be educated in HIPAA compliance. These standards are meant to improve the effectiveness and efficiency of the nation’s health care by encouraging electronic interchange in the United States health care system.

The following resources provide additional information on the regulations of HIPAA and its benefits for patients and businesses.

Information for Patients

  • FAQ about HIPAA Privacy: List of questions and answers about common features of the HIPAA privacy act for patients receiving health care.
  • What is HIPAA?: Patients can learn about their privacy rights, as well as what types of entities must comply with HIPAA regulations.
  • HIPAA Privacy and Security: Information on the prime objective of the HIPAA standards and its major components.
  • PHI Identifiers: List of the eighteen protected health information (PHI) identifiers in combination with health information.
  • Standards of HIPAA: Brief description of the final rules of HIPAA, including Code Sets, Privacy Final Rule, Notice of Privacy Practices, Unique Employer Identifier, and Security Final Rule.
  • HIPAA Background Technologies: List of background technologies used to meet HIPAA regulations, such as encryption and public key infrastructure (PKI).
  • Security FAQ: Find the answers to common questions about HIPAA’s privacy and security rules.
  • HIPAA Compliance Program: Learn what federal agency oversees HIPAA compliance and why it was established.
  • FAQ on School Health: Information on how HIPAA regulations apply to health care within school districts.
  • Privacy, Code Sets & Security: Answers to common questions about privacy, code sets, and security regulations within HIPAA.

Information for Businesses