HIPAA Privacy & Security Rules

HIPPA for Professionals:

To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security. At the same time, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information.

View the Summary of the HIPAA Privacy Rule. Read the Summary of the HIPAA Security Rule.

In the News:

February 16, 2017 - Memorial Healthcare System (MHS) has paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules and agreed to implement a corrective action plan. MHS is a nonprofit corporation which operates six hospitals, an urgent care center, a nursing home, and a variety of ancillary health care facilities throughout the South Florida area. The login credentials of a former employee had been used to access affected 80,000 individuals without detection from April 2011 through April 2012. MHS failed to implement procedures with respect to reviewing, modifying and/or terminating users’ right of access, as required by the HIPAA Rules. The settlement indicates the importance of HIPAA compliance and audit controls.

To view more news releases from U.S. Department of Health & Human Services | HIPPA Compliance click here.