Health Insurance Portability & Accountability Act (HIPAA)

The three main rules of HIPAA are the Privacy Rule, which regulates the use and disclosure of protected health information (PHI), the Security Rule, which requires healthcare entities to protect electronic health information, and the Enforcement Rule, which sets procedures for investigating HIPAA violations and penalties for confirmed violations.

Some examples of HIPAA violations include misuse and disclosures of protected health information (PHI), not having protection in place for health information, patients being unable to access their health information, using or disclosing more than the minimum necessary PHI, and not safeguarding electronic PHI.

The main purpose of the Health Insurance Portability & Accountability Act (HIPAA) is to protect sensitive patient health information and ensure it isn’t disclosed without the patient’s consent or knowledge.

According to the United States Department of Health and Human Services (HHS), the five rules of HIPAA are the Privacy Rule, Transactions and Code Sets Rule, Security Rule, Unique Identifiers Rule, and Enforcement Rule.

• Privacy Rule: Regulates the use and disclosure of protected health information (PHI) by covered entities, or most healthcare organizations
• Transactions and Code Sets Rule: Standardizes health care transactions
• Security Rule: Extends the Privacy Rule by requiring healthcare entities to safeguard Electronic Protected Health Information
• Unique Identifiers Rule: Requires HIPAA-covered entities to only use the National Provider Identifier (NPI) to identify covered healthcare providers in standard transactions
• Enforcement Rule: Sets procedures for investigating HIPAA violations and penalties for confirmed violations