Health Insurance Portability and Accountability Act

The healthcare sector is one of the industries that face the most cyberattacks. One example is Anthem, which had 78.8 million patient records stolen in 2015.

Protecting your patient data is essential and should be a priority within your organization. Insufficient privacy and security could not only harm patients, but could also land you hefty fines.

If you run a company that handles healthcare data, you will need to know all about HIPAA. But what are the HIPAA laws?

In this article, we’ll take a look at the Health Insurance Portability and Accountability Act and what it means to your business.

What Is the Health Insurance Portability and Accountability Act?

The Health Insurance Portability and Accountability Act (HIPAA) affects every healthcare organization in the United States. It became federal law in 1996 and governs the way that sensitive patient information is handled.

The legislation was put in place to ensure that people could keep their health insurance when they changed location or employer. It also sought to make transferring medical records more straightforward, and to protect sensitive patient information.

How Does the Health Insurance Portability and Accountability Act Work?

The Health Insurance Portability and Accountability Act makes sure that all individual healthcare plans are fully accessible, renewable, and portable.

The legislation sets out the standards for the way that medical data is shared across the United States healthcare system. One of the primary objectives is to stop fraud.

The act has been modified since its inception. It now includes processes that focus on the safe storage and sharing of patients’ medical data by digital means. It also sets out provisions aimed at improving efficiency and shrinking administrative costs.

The Health Information Technology for Economic and Clinical Health (HITECH) Act broadens HIPAA’s privacy protections. It was introduced to promote the adoption of health information technology, and it addresses both privacy and security.

If you run a healthcare organization, you have no option but to follow HIPAA guidelines.

There are several different elements of the HIPAA guidelines that must be followed at all times. These include the HIPAA Privacy Rule, the HIPAA Breach Notification Rule, and the HIPAA Security Rule.

All of these have been put in place to protect the privacy of your patients or customers.

Which Entities Does the Health Insurance Portability and Accountability Act Cover?

Several key entities are covered by HIPAA; these entities must adhere to HIPAA regulations or face fines if they don’t. They include:

Healthcare Providers

Regardless of the size of the practice, if you operate as a healthcare provider, then your organization needs to meet the standards set out by the HIPAA legislation.

If you transmit health information in connection with certain transactions, such as claims, referral authorization requests, and benefit eligibility inquiries, along with any other transactions for which the US Department of Health and Human Services establishes standards under the HIPAA Transactions Rule, then you must adhere to HIPAA.

Health Plans

These are entities that either provide or cover the cost of medical care. Health plans include:

  • Health maintenance organizations
  • Medicare
  • Medicare + Choice
  • Medicaid
  • Medicare supplement insurers
  • Vision
  • Dental
  • Prescription drug insurers
  • Long term care insurers

Health plans also include church- and government-sponsored health plans, employer-sponsored group plans, and multi-employer health plans.

The exception to this rule is any health plan that has fewer than 50 participants and is administered solely by an employer.

Healthcare Clearinghouses

Entities that convert health information they receive from a nonstandard format into a standard format, or vice versa, are covered by HIPAA regulations.

Often, a healthcare clearinghouse will receive individually identifiable health information only while it is processing services for a health plan or healthcare provider. This work may be done as a third-party business associate.

Business Associates

A business associate is a person or organization that is not a member of a covered entity’s workforce and that uses or discloses individually identifiable health information.

This information is shared so that the business associate can carry out functions or activities, or provide services, for the covered entity. These services and functions may include:

  • Data analysis
  • Processing claims
  • Utilization review
  • Processing bills

It is essential that these organizations follow HIPAA to the letter or face fines.

What Can Your Organization Do to Protect Itself?

You can protect your organization or business by ensuring you have stringent security measures in place.

Compliance with the Health Insurance Portability and Accountability Act is mandatory. One of the best ways to ensure that you are fully compliant with the act is to hire a third-party organization to help you.

The kinds of things you can get help with include:

  • Carrying out HIPAA risk assessments
  • Ensuring that your employees are fully trained in using your communication systems
  • Ensuring employees understand the significance of the HIPAA regulations
  • Carrying out HIPAA audits

Having a third-party organization take care of your IT security is always a good idea.

You’ll get disaster recovery and support for your business, and a third-party HIPAA-compliant IT expert will carry out a full IT security audit within your organization.

Ensuring HIPAA Compliance in Your Organization

The Health Insurance Portability and Accountability Act is an important piece of legislation that all healthcare organizations must abide by. It protects patient data and allows information to be passed safely between organizations.

Your healthcare business must be compliant. To ensure this, you must carry out risk assessments and training.

If you need help with any aspect of the Health Insurance Portability and Accountability Act, HIPAA Security Suite is here for you. We offer a wide range of services that will help protect you and ensure HIPAA compliance.

To find out more about the services we have to offer, get in touch today.

HIPAA Security Reminders

HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Section 164.308(a)(5) of the HIPAA Security Rule states: “Implement a security awareness and training program for all members of its workforce (including management).”

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.
