Resources to assist employers in complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA governs the portability and continuity of health insurance coverage and includes (as part of its administrative simplification rules) privacy and security standards for the use and disclosure of health information.
In 1996, Congress passed the Health Insurance Portability and Accountability Act of 1996 (www.practicallaw.com/1-501-6222) (HIPAA), which governs the portability and continuity of health insurance coverage and requires adoption of the:
HIPAA Privacy Rule, which addresses the privacy of individually identifiable health information (www.practicallaw.com/1-501-6613).
HIPAA Security Rule, which addresses the security of electronic protected health information (www.practicallaw.com/8-501-6596) (PHI).
The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information. The Privacy Rule applies to health plans and other covered entities that conduct certain health care transactions electronically. The Privacy Rule requires safeguards to protect the privacy of PHI, and imposes restrictions on the use and disclosure of PHI without an individual's authorization. The Privacy Rule also gives individuals rights to certain information related to their health information.
The HIPAA Security Rule establishes national standards to protect individuals’ electronic PHI that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.
In 2010, the Affordable Care Act (www.practicallaw.com/6-505-8403) (ACA) made significant changes affecting HIPAA, including rules addressing preexisting condition exclusions, lifetime and annual limits, coverage rescissions, and electronic transactions (for related resources, see the Affordable Care Act (ACA) Overview (www.practicallaw.com/7-502-3192) and Affordable Care Act (ACA) Toolkit (www.practicallaw.com/9-518-2991)). In January 2013, the Department of Health and Human Services (www.practicallaw.com/9-504-9761) (HHS) issued comprehensive regulations that finalized changes to the HIPAA privacy, security, enforcement, and breach notification rules under the Health Information Technology for Economic and Clinical Health (HITECH) Act (www.practicallaw.com/3-501-7466). Failure to comply with the HIPAA Privacy or Security Rules can result in significant consequences including civil and criminal penalties, which were increased under the HITECH Act. Also, HHS has taken an aggressive enforcement approach in recent years regarding HIPAA compliance.
The HIPAA Toolkit provides several continuously updated resources designed to help employers comply with the HIPAA Privacy and Security Rules, other administrative simplification requirements, and related changes under the ACA.