The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed to protect patient personally identifiable information (PII) and health information from nonconsensual disclosure.
Following the passage of the act, the United States Department of Health and Human Services issued the HIPAA Privacy Rule to implement the requirements of HIPAA and outline the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to these rules. Entities subject to the Privacy Rule as defined by HIPAA include:
• Healthcare providers: Every healthcare provider, regardless of size, who electronically transmits health information, including claims, benefit eligibility inquiries, referral requests, and other transactions.
• Health plans: Any entity that provides or pays the cost of medical care, including health, dental, vision, prescription drug insurers, Medicare, Medicaid, long-term care insurers, employer-sponsored group health plans, and more.
◦ A group health plan with fewer than 50 participants that is administered solely by the employer that established and maintains the plan is not a covered entity.
• Healthcare clearinghouses: Any entity that processes information it receives from another entity into standardized formats or data content, or vice versa.
• Business associates: A person or organization outside of a covered entity’s workforce who uses or discloses personally identifiable information to complete services, functions, or activities for a covered entity (such as billing, claims processing, data analysis, etc.).