Recognizing that electronic technology could erode the privacy of health information, the law also incorporates provisions for guarding the security and privacy of personal health information. It does this by enforcing national standards to protect:
* Individually identifiable health information, under what is known as the Privacy Rule.
* The confidentiality, integrity and availability of electronic protected health information, under what is known as the Security Rule.
The complete suite of rules is known as the HIPAA Administrative Simplification Regulations. It is administered by the Centers for Medicare & Medicaid Services and the Office for Civil Rights.
Who is affected: Health care providers, health plans, health clearinghouses and "business associates," including people and organizations that perform claims processing, data analysis, quality assurance, billing, benefits management, etc.
Link to the law: An unofficial version (as of February 2009) that presents all the regulatory standards in one document: http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/adminsim...
Official versions of the complete suite of HIPAA Administrative Simplification Regulations can be found at 45 CFR Parts 160, 162 and 164:
* 45 CFR, Part 160: http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/adminsim...
* 45 CFR, Part 162: http://www.access.gpo.gov/nara/cfr/waisidx_07/45cfr162_07.html
* 45 CFR, Part 164: http://www.access.gpo.gov/nara/cfr/waisidx_07/45cfr164_07.html
HIPAA Privacy Rule: http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/prdecemb...
HIPAA Security Rule: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securit...
Key requirements/provisions: There are five parts to HIPAA's Administrative Simplification Statute and Rules:
1. Electronic Transaction and Code Sets Standards: Requires every provider who does business electronically to use the same health care transactions, code sets and identifiers. This rule is administered by the Centers for Medicare & Medicaid Services.
2. Privacy Rule: Provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. The rule permits the disclosure of personal health information needed for patient care and other important purposes. This rule is administered by the Office for Civil Rights.
3. Security Rule: Specifies a series of administrative, physical and technical safeguards for covered entities to use to assure the confidentiality, integrity and availability of electronic protected health information. This rule is administered by the Office for Civil Rights.