is the federal Health Insurance Portability and Accountability Act
of 1996, passed with bipartisan and widespread support of the
health care industry. HIPAA had three goals:
- Health Insurance Portability – ensure the portability and
continuity of health insurance coverage for individuals and
- Accountability – combat waste, fraud, and abuse in health
insurance and health care delivery.
- Administrative Simplication – to simplify health care billing and
other transactions by adopting standards to transmit data
Administrative Simplification is implemented through federal
regulations issued by the Department of Health and Human Services
Administrative Simplification goals required the
development of standards for the electronic exchange of health
care information. Administrative simplification also required
rules to protect the privacy of personal health information and
the establishment of security requirements to protect that
information and the development of standard identifiers.
the core are standards for the content and format of electronic
transactions used in billing, payment and other health care
administrative functions. These standards use Electronic Data
Interchange (EDI) technology which has become widely used in
banking and other industries.
standards enable the core transaction standards.
automated information can be more accessible and more easily
abused, new regulations will govern the privacy and security
of patient information.
set of regulations will provide nationwide, standard
identifiers for providers, health plans and employers.
final regulation now covers enforcement of the rules.
standards are based on existing, national, industry standards
Administrative Simplification provisions of HIPAA apply to three
kinds of "covered entities" specified in the law.
plans are generally defined as any individual or group plan
that provides or pays for medical care. Not all public
programs which provide or pay for health care are covered.
Covered health plans must be able to process any standard
electronic transactions they receive.
health care provider that transmits health information in
electronic form in connection with one of the transactions
used in providing or paying for health care. Providers may
continue to conduct transactions manually, but any covered
transactions they do electronically must meet the standards
(unless they are using a clearinghouse).
clearinghouses, which translate electronic transactions
between standard and non-standard forms.
an entity is "covered" under HIPAA applies to the
privacy as well as the transactions rule (only these two rules are
final as of the writing of this summary). Business associates of
covered entities are also impacted by HIPAA when they perform
covered transactions on behalf of a covered entity, or when they
receive protected patient health information from the same.
updated: July 12, 2010