What is HIPAA

HIPAA stands for the Health Insurance Portability and Accountability Act. This act became law in 1996 and was created to protect and regulate PHI, Personal Health Information. According to HIPAA, associates of covered entities must provide safeguards to limit incidental use and disclosure of PHI and to avoid prohibited use and disclosure, including in connection with the disposal of such information.

HIPAA has changed the way medical information is exchanged and disposed of by medical health professionals.

  • It created a standard across the health industry for billing and processing, especially electronic billing.
  • It helps workers and their families transfer and continue their health insurance coverage after either losing or changing jobs.
  • It creates standards for the protection and confidential handling of Personal Health Information.

HIPAA requirements were modified in compliance with HITECH, the Health Information Technology for Economic and Clinical Health Act. The Office of Civil Rights in the Department of Health and Human Services oversees these laws and their execution. HIPAA security rules were further changed with the American Recovery and Reinvestment Act. These changes included:

  • HIPAA now places the same security requirements on business associates as on covered entities, which include the physical, administrative, and technical safeguards laid out in the Security Rule. Businesses are now required to appoint a security official, develop written procedures, and train their workforce on safeguarding private health information. They are now also subject to civil and criminal penalties under HIPAA.
  • Covered entities and businesses must notify individuals when a security breach involving PHI occurs, whether through an accidental exposure or theft. This notification will be delivered via mail or email, depending on individuals’ requests.
    • Large security breaches (more than 500 individuals) require that a “prominent media outlet” and the Department of Health and Human Services (HHS) also be notified. Additionally, HHS runs a well-maintained website that is updated with public disclosure of the breaches.
  • An increase in fines for violations from $100 per individual with a cap of $25,000 to $1,000 per individual with a cap of $100,000. A fine of $10,000 for willful neglect that maxes out at $250,000. And a $50,000 fine with a max of $1.5 million per calendar year will be implemented if problems are not properly handled.
  • Fines for violations are now allowed to go to individuals as well as their lawyers. This greatly increases the incentives for lawyers to follow through with lawsuits. State Attorneys General are also able to bring action against covered entities and businesses on behalf of their residents.


HIPAA has greatly changed the landscape of health care and liability standards across the industry. If you are interested in learning more about HIPAA, please visit the US Department of Health and Human Services.

