HIPAA is a complicated law with numerous provisions. HIPAA is the abbreviation for the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.[1] The Act authorized the U.S. Department of Health & Human Services (HHS) to adopt national standards to protect the privacy of personal health information, and it mandated that HHS take action to ensure privacy protection for individually identifiable health information.[2]
According to the official HHS website, HIPAA requirements include those found in Public Law 104-191, a final Privacy Rule adopted in December 2000, a final Security Rule adopted in February 2003, an Enforcement Rule, and an Omnibus Rule.[3] An unofficial version of all HIPAA regulations is available as a combined regulation text on the HHS website.[4] This unofficial version of the regulations is 115 pages long. You may read the full regulations for yourself if you want. However, the purpose of this article is to provide a snapshot of what HIPAA is and the basic requirements it imposes on businesses.
First, it is important to note that HIPAA does not impose requirements on all businesses. Instead, it applies only to the following entities: “(1) A health plan; (2) A health care clearinghouse; (3) A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter; or (4) an individual or “business associate” that provides certain services to a covered entity.”[5]