Health Insurance Portability and Accountability Act

The nearly instantaneous flow of information is a defining variable of the information age. While it is true that some companies use this technology better than others, with regard to healthcare information the seamless flow of data can literally be the difference between life and death.

In August of 1996, United States President Bill Clinton, in an effort to promote the secure transfer of patient information, signed into law the Health Insurance Portability and Accountability Act (HIPAA). In 2002, the Secretary of Health and Human Services unveiled the official rules.

HIPAA Privacy Rule

The HIPAA privacy rule applies to any healthcare provider that handles patient information electronically.

The following information is protected under HIPAA’s Privacy rule:

  • An individual’s complete history of their physical and mental health conditions.
  • The treatment or provision of health care the individual receives.
  • An individual’s payment information for said health care.

The Privacy Rule is administered by the Office for Civil Rights.

HIPAA Security Rule

Nowhere is data more personal than in the health care industry. HIPAA’s Security Rule specifies a series of administrative, physical, and technical safeguards for covered parties to guarantee the integrity, real-time availability, and confidentiality of protected electronic healthcare information.

Electronic Transaction & Data Protection

With the standardization rules set forth by HIPAA, each health care provider has to adhere to the same set of protocols as every other provider, so that transferred financial and medical information is easily deciphered by the receiving health care provider and kept safe at all times.

Every regulation needs a ruling entity, and HIPAA is no different. In order for the rules of the HIPAA regulation to work, the Enforcement Rule is in place to provide dedicated checks and balances. Currently, the Centers for Medicare and Medicaid Services enforces the HIPAA Security Rule and the rules covering the standardization of information, while privacy concerns are handled by the Office for Civil Rights.

The Act provides for crippling penalties for failures to certify or comply with the new standards and operating rules.

These penalties include:

Penalties for General Violations of HIPAA:

  • Each violation: A $100 penalty per violation, with no more than $25,000 in one year for all violations of identical requirements.

Penalties for the Wrongful Disclosure of Individually Identifiable Health Information:

  • For wrongful disclosure: $50,000 penalty, imprisonment for not more than one year, or both.
  • For wrongful disclosure made under false pretenses: $100,000 penalty, imprisonment for not more than five years, or both.
  • For wrongful disclosure made with the intent to sell information: $250,000 penalty, imprisonment of not more than 10 years, or both.

In addition to the penalties listed above, covered entities that fail to comply with HIPAA regulations are likely to suffer a loss of credibility, with a resulting loss of public trust and revenue.