What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, is a US federal law designed to improve the efficiency and effectiveness of the US health care system. Its two titles most relevant to data security are:

  • Title I: HIPAA's Title I establishes rules to "improve the portability and continuity of health insurance coverage" for workers when they change employers.
  • Title II: HIPAA's Title II establishes rules to prevent health care fraud and abuse. Its "Administrative Simplification" section sets standards for enabling the electronic exchange of health information, and includes provisions establishing rules for protecting the privacy and security of individually identifiable health information:
    • Privacy Rule: The HIPAA Privacy Rule protects the privacy of individually identifiable health information, known as protected health information (PHI), in any form (electronic, paper, or oral).
    • Security Rule: The HIPAA Security Rule defines national standards for protecting electronic protected health information (ePHI). It requires covered entities and business associates to implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of ePHI.
    • Enforcement Rule: The HIPAA Enforcement Rule sets out the procedures for compliance investigations and hearings, and empowers the Secretary of the US Department of Health and Human Services (HHS) to impose civil money penalties on entities that violate HIPAA rules.
    • Breach Notification Rule: The HIPAA Breach Notification Rule requires HIPAA covered entities and their business associates to notify affected individuals, the HHS Secretary, and (in certain circumstances) the media following any breach of unsecured PHI. "Unsecured" PHI is PHI that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons (for example, by encryption meeting HHS guidance); a breach of properly encrypted PHI generally does not trigger the notification requirement.

The HHS Office for Civil Rights (OCR) administers and enforces compliance with the HIPAA Privacy, Security, and Breach Notification Rules; the HHS Centers for Medicare & Medicaid Services (CMS) administers and enforces compliance with the remaining Administrative Simplification standards (electronic transactions, code sets, and unique identifiers).

In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted as part of the American Recovery and Reinvestment Act to strengthen HIPAA's privacy, security, and enforcement provisions. Subtitle D of the HITECH Act addresses the privacy and security of electronically transmitted health information; among other changes, it made business associates directly liable for compliance with the Security Rule, increased civil penalties, and introduced the breach notification requirements. In 2013, the relevant provisions of HITECH and the Genetic Information Nondiscrimination Act (GINA) of 2008 were implemented through modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules, collectively known as the HIPAA "Omnibus Final Rule".

For more about HIPAA and the HITECH Act, see the HHS HIPAA pages. Additionally, see the US Department of Labor's HIPAA fact sheet and the US Government Printing Office's online copy of the HIPAA statute.

At Indiana University, compliance with HIPAA's privacy and security rules is coordinated through the University Compliance Office.

UITS provides consulting and online help for Indiana University researchers who need help securely processing, storing, and sharing data containing PHI. If you have questions about managing HIPAA-regulated data at IU, or need help, contact UITS HIPAA Consulting. For additional details about HIPAA compliance at IU, see HIPAA Privacy & Security on the University Compliance website.

This is document ayyy in the Knowledge Base.
Last modified on 2017-02-20 14:16:46.