Abstract

This discussion of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 focuses on two sections of its Administrative Simplification Provisions: privacy and security. In terms of the privacy provision, it defines a covered entity; explains the purposes for which covered entities may use and disclose patient information and the “minimum necessary” rule; discusses the subpart regarding pre-emption of state law; gives activities under HIPAA regulations that covered entities are required to perform; explains privacy procedures that covered entities must adopt and implement within their organizations; and explains required training, required steps to secure patient records that contain individually identifiable health information, and required monitoring for compliance. In terms of data security, the four key security requirements for covered entities are provided, along with a discussion of implementation specifications for entities to use in their effort to become compliant. Administrative, physical and technical safeguards are discussed. The author concludes that HIPAA will continue to be a driving force in the healthcare industry, mentioning other standards that will require compliance in the future, and that HIPAA’s Administrative Simplification Provisions will continue to affect everyone for many years to come.

Related Keywords

• HIPAA, and patient privacy
• Data security, and HIPAA
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Patient privacy, and HIPAA

Related Categories

• BUSINESS
• LEGAL
• SUPPORT