The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. Its privacy provisions, as implemented by the rules the Department of Health and Human Services issued under it, protect the privacy of patient health information. Under HIPAA, covered entities (healthcare providers, health plans, and healthcare clearinghouses) must safeguard the confidentiality of Protected Health Information (PHI), and their business associates, the vendors that handle PHI on their behalf, must do so as well. Covered entities must also give patients access to their own health information on request, and must notify affected patients when unsecured PHI has been breached (a requirement added by the HITECH Act of 2009). Together these rules are intended to keep patient health information from unauthorized access, use, and disclosure.
The four main purposes of HIPAA are to preserve health insurance coverage for workers who change or lose their jobs, to protect patient privacy, to reduce healthcare fraud and abuse, and to standardize electronic healthcare transactions.
HIPAA is administered by the U.S. Department of Health and Human Services (HHS), whose Office for Civil Rights (OCR) enforces its Privacy, Security, and Breach Notification Rules. The law sets national standards for the protection of electronically exchanged health information and establishes how covered entities must safeguard that information.
The Privacy Rule restricts how covered entities may use and disclose PHI: disclosures without the patient's written authorization are permitted only for purposes the rule specifically allows or requires, such as treatment, payment, and healthcare operations. The rule also gives patients the right to access their own medical records and to request amendments to them. The Security Rule requires covered entities to implement administrative, physical, and technical safeguards that protect the confidentiality, integrity, and availability of electronic PHI against unauthorized access, use, or disclosure.
The final Omnibus Rule, issued in 2013, implemented provisions of the HITECH Act. It strengthened patient privacy protections by further restricting the use and disclosure of PHI (for example, for marketing and sale of PHI), made business associates directly liable for compliance with many HIPAA requirements, expanded patients' rights with respect to their own PHI, and increased the penalties for non-compliance.