I actually love this question. If you are on social media, you have probably noticed a lot of people throwing around privacy terminology, including HIPPA and HIPAA, also referred to as Hipaa.
The correct acronym is HIPAA. It stands for the Health Insurance Portability and Accountability Act. It is commonly misspelled as HIPPA. I always remember it by telling myself it is not a hippo. So, what is HIPAA anyway?
HIPAA was signed into law in 1996 to provide security and data privacy for patients’ medical information. It typically applies to healthcare providers and organizations that transmit health data electronically. If you are a HIPAA covered entity, there are 5 main rules that compliance focuses on:
1. Privacy – the protection of medical records. This is why when you go see your doctor, you are given a notice of privacy practices and asked who they may share health care information with. Under this section, the individual also has the right to inspect or obtain copies of their records and request corrections.
2. Security – the standards, methods and procedures related to how your information will be stored, accessed and transmitted. This is why information is often encrypted, password-protected and stored in secure software portals.
3. Transaction – this area deals with the codes related to medical diagnosis, which must be used correctly, and with the accuracy of medical records.
4. Identifiers – National health plan identifiers are used to identify health plans and payers (such as Medicare and Medicaid). These identify the employer in HIPAA transactions.
5. Enforcement – this area outlines the penalties for any violations. These were increased in 2015.
These measures were intended to reduce healthcare fraud and abuse, enhance standards for health information, increase portability of medical information and protect the security and privacy of such information.
HIPAA protects an individual’s privacy by prohibiting certain uses and disclosures of a person’s health information, including medical records. HIPAA does not necessarily apply to every person and every entity; the term is often used in a much wider sense than intended. It only applies to covered entities and their business associates. This typically includes hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies and other healthcare providers, insurance companies and related entities.