What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a set of statutes designed to improve the efficiency and effectiveness of the US health care system:
- Title I: Title I of HIPAA provides rules to "improve the portability and continuity of health insurance coverage" for workers when they change employers.
- Title II: Title II of HIPAA provides rules for controlling health care fraud and abuse, and includes an "Administrative Simplification" section that sets standards for enabling the electronic exchange of health information.
Provisions in the "Administrative Simplification" section of Title II include rules protecting the privacy and security of health data. These rules are enforced by the US Department of Health and Human Services Office for Civil Rights (OCR):
- The Privacy Rule protects the privacy of individually identifiable health information. For more, see Privacy Rule on the OCR web site.
- The Security Rule sets national standards for the security of electronic protected health information (ePHI). For more, see Security Rule on the OCR web site.
In 2009, HIPAA enforcement rules were strengthened by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Subtitle D of the HITECH Act improved privacy and security provisions found in the original HIPAA privacy and security rules.
At Indiana University, compliance with the HIPAA privacy and security rules is coordinated through the Office for Clinical Affairs, with the interim HIPAA Privacy Officer and interim HIPAA Security Officer. For more about HIPAA compliance at IU, see the HIPAA Compliance page.
For more about HIPAA and the HITECH Act, see these US Health and Human Services pages:
- HIPAA Administrative Simplification Statute and Rules
- Summary of the HIPAA Privacy Rule
- Summary of the HIPAA Security Rule
- HITECH Act Enforcement Interim Final Rule
Last modified on December 07, 2012.