What is HIPAA?

HIPAA, the Health Insurance Portability and Accountability Act, was enacted by the U.S. Congress in 1996 and became effective July 1, 1997. The act is a grouping of regulations that work to combat waste, fraud, and abuse in health care delivery and health insurance. HIPAA is also intended to improve the effectiveness and efficiency of the health care system and the portability and continuity of health insurance coverage in the group and individual markets, and to provide consequences for those who do not comply with the regulations explicitly stated within the Act.


  • The HIPAA Privacy Rule creates national standards to protect individuals’ medical records and other personal health information.
  • It gives patients more control over their health information.
  • It sets boundaries on the use and release of health records.
  • It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
  • And it strikes a balance when public responsibility supports disclosure of some forms of data, for example, to protect public health.

For patients

It means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.

It enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.

It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.

It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.

It empowers individuals to control certain uses and disclosures of their health information.

The HIPAA Code Set Regulations establish a uniform standard of data elements used to document the reasons why patients are seen and the procedures performed during health care encounters. The code sets HIPAA specifies are:


  • Diagnoses – ICD 9
  • Procedures – CPT 4, CDT
  • Supplies/Devices – HCPCS
  • Additional Clinical Data – Health Level Seven (HL7)

HIPAA titles

HIPAA is a legislative act made up of five titles, as described below:

Under Title I, “Health care access, portability and renewability,” employers and health plans must allow a new employee’s medical insurance coverage to remain continuous without regard to pre-existing conditions.

Title II, “Preventing health care fraud and abuse; administrative simplification; medical liability reform,” defines new requirements for privacy and security of individually identifiable patient information. Subtitle F, “Administrative simplification,” reduces the administrative component of health care costs through the implementation of electronic data interchange (EDI) standards, primarily by embracing ASC X12N transaction formats.

Title III, “Tax-related health provisions,” standardizes the amount you can save per person in a pre-tax medical savings account.

Title IV, “Application and enforcement of group health plan requirements,” broadens information on insurance reform provisions and provides detailed explanations.

Title V, “Revenue offsets,” contains regulations on how employers can deduct company-owned life insurance premiums for income tax purposes.

HIPAA Benefits

Significant resources need to be invested over the next several years to achieve compliance with the HIPAA legislation and to realize the long-term benefits. The benefits of HIPAA include:

  • Lowering administrative costs
  • Improved efficiency for patients and providers
  • Increasing customer satisfaction
  • Improved security and privacy of information

Penalties for Failure to Comply with HIPAA

The legislation carries heavy civil and criminal penalties for failure to comply. The US DHHS Office for Civil Rights will enforce civil penalties that may range from $100 per violation to $25,000 per calendar year. The US Department of Justice will enforce criminal penalties, which may include up to 10 years imprisonment and a $250,000 fine.

Who does HIPAA affect?

  • Health insurers
  • Doctors
  • Hospitals
  • Employers who provide health insurance
  • Life insurers
  • Anyone who uses health care or health insurance
  • Public health authorities
  • Billing agencies
  • Information system vendors
  • Health service organizations