The Health Insurance Portability and Accountability Act (HIPAA) is federal legislation that requires the U.S. Department of Health and Human Services (HHS) to adopt and enforce standards regarding:

  • Standardized electronic transmission of common administrative and financial transactions (such as billing and payments)
  • Unique health identifiers for individuals, employers, health plans, and healthcare providers
  • Privacy and security standards to protect the confidentiality and integrity of individually identifiable health information

(TX Dept. of State Health Services, 2015)

HIPAA was passed in 1996. Since then, advances in electronic technology have led Congress to pass further legislation to address the new problems and scenarios introduced by the industry's push to digitize records and other important data.

  • The Privacy Rule was published in December 2000 and was modified in August 2002.
  • The Security Rule was published in 2003.
  • The final Enforcement Rule was established the same year.
  • To be used in conjunction with HIPAA, the Health Information Technology for Economic & Clinical Health (HITECH) Act was passed into law in 2009.

The main focus of these laws is the protection and security of individuals' Protected Health Information (PHI) and the standardization of format, use, and disclosure of this information.

How is it broken down?

Generally, HIPAA can be conceptually broken down by:

  • Electronic Data Interchange (EDI)
    • Transaction Standards
    • Code Sets
  • Privacy Rule
  • Security Rule
  • National Standard Identifiers

Who does it affect?

Due to the nature of the legislation, HIPAA has far-reaching effects. HIPAA has a hand in the regulation of healthcare, which affects every American, and impacts insurance companies, healthcare providers, companies that provide data or software services to those providers, clinics, and other medical practices.

According to HIPAA, those required to adhere to the regulations and standards are considered Covered Entities. These include:

A Health Care Provider

This includes providers such as:

  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing Homes
  • Pharmacies

...but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.

A Health Plan

This includes:

  • Health insurance companies
  • HMOs
  • Company health plans
  • Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs

A Health Care Clearinghouse

This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

These covered entities are impacted by HIPAA's legislation. Companies and individuals who do work with or for covered entities that require the use or disclosure of PHI are considered by HHS to be Business Associates. According to HHS, a business associate is "a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity."

Some examples of Business Associates are:

  • A CPA firm whose accounting services to a health care provider involve access to PHI.
  • A consultant that performs utilization reviews for a hospital.
  • An attorney whose legal services to a health plan involve access to PHI.
  • An IT company that performs work on devices or software that store or display PHI.

(, 2013)

Does your business need help to meet and maintain HIPAA Compliance? Then please fill out the form above or give us a call today at (877) 85-RHINO for a FREE Consultation.

The first step to compliance is awareness. The next step is to give us a call.