The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. Since then, healthcare providers, health plans, and their business partners have been required to follow HIPAA and the rules issued under it.
But exactly what does HIPAA do? We’re telling you all about HIPAA next: why it’s needed, how it helps you, and what you should know about this critical healthcare industry regulation.
What Does HIPAA Do?
Congress passed HIPAA, and the US Department of Health and Human Services (HHS) issues and enforces the rules under it that govern protected health information (PHI).
PHI is individually identifiable health information: any data about a particular patient’s health condition, the care they received, or payment for that care, whether it is created, received, transmitted, maintained, or stored on paper or electronically. So, HIPAA protects patients and their health data.
What Information Does HIPAA Protect?
HIPAA protects all individually identifiable patient health information. Health information counts as identifiable, and therefore as PHI, when it is linked to a patient’s:
- Name
- Street address or any other geographic detail smaller than a state
- Important dates (e.g., birth date, admission or discharge date)
- Phone number
- Fax number
- Email address
- Social Security number
- Medical record ID
- Health insurance ID
- Account numbers
- Certificate or license numbers
- License plate or other vehicle identifier
- Medical device serial number
- IP address or web URL
- Biometric identifiers (e.g., fingerprints, voiceprints) and full-face photographs
- Any other unique identifying number, characteristic, or code
Unless the patient has authorized the disclosure, or it falls within a use the Privacy Rule expressly permits (such as treatment, payment, and healthcare operations), revealing this data to anyone breaches HIPAA.
What Is the HIPAA Security Rule?
HHS first published the Security Rule in 2003 (with compliance required by 2005) and modified it in 2013 as part of the Omnibus Final Rule. The Security Rule protects PHI that is created, received, stored, or transmitted electronically (called ePHI) by requiring administrative, physical, and technical safeguards.
Who Must Adhere to HIPAA?
“Covered entities” must adhere to HIPAA. Covered entities are health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically in connection with standard transactions such as claims and eligibility checks.
This includes hospitals, physician practices, pharmacies, and health insurers. Healthcare clearinghouses, which convert claims and other health data between nonstandard and standard formats on behalf of providers and payers, are also subject to HIPAA.
Payers’ and providers’ business associates must also adhere to HIPAA and, since the 2013 Omnibus Final Rule, are directly liable for violations. Business associates are vendors that create, receive, maintain, or transmit PHI on behalf of a covered entity. This might include debt collection agencies, IT consultants, cloud hosting providers, or medical transcriptionists.
How Can Covered Entities Comply With HIPAA?
Except for uses the Privacy Rule permits, such as treatment, payment, and healthcare operations, covered entities are not allowed to share PHI or ePHI without the patient’s written authorization.
But HIPAA doesn’t only require that you not violate this standard. You must also be able to show that you have safeguards in place to protect PHI and ePHI.
Safeguards include administrative measures such as a documented risk analysis and workforce training on HIPAA policies, and physical measures such as securing facilities, workstations, and portable devices against theft.
Covered entities must also implement technical safeguards against threats to ePHI, such as unique user IDs and access controls, audit logging, network protections such as firewalls, and encryption of ePHI at rest and in transit where the risk analysis shows it is reasonable and appropriate.
What Happens If Covered Entities Violate HIPAA?
By now, you may be wondering: why should covered entities follow HIPAA? Here’s why it’s important.
Non-compliance with HIPAA can earn you a civil fine of up to $50,000 per violation, with an annual cap of $1.5 million for repeated violations of the same provision (these statutory amounts are adjusted upward for inflation). Knowingly obtaining or disclosing PHI in violation of HIPAA can also bring criminal penalties, including prison time.
Don’t Fall Foul of HIPAA
So, what does HIPAA do? HIPAA protects patients’ health and personal data and applies to covered entities and their business associates. If you don’t safeguard against the loss, theft, or improper disclosure of PHI or ePHI, your organization could face a hefty fine.