What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was passed to improve portability and continuity of health insurance coverage, protect against fraud and abuse in health insurance and health care delivery, and improve access to long-term care services and coverage. HIPAA also included privacy provisions designed to ensure the confidentiality and safeguarding of protected health information. Under HIPAA, the federal government adopted national standards for the electronic exchange, privacy and security of personal health information, and defined who was subject to those provisions.

How long has HIPAA been in effect?

The initial law, with Administrative Simplification provisions, was passed in 1996. The government published a final Privacy Rule in 2000 that set national standards for the protection of individually identifiable health information by health plans, health care clearinghouses, and health care providers who conduct health care transactions electronically. In 2003, a Security Rule set national standards for protecting electronic protected health information. By 2013, HIPAA regulatory standards included a finalized Breach Notification Rule.

What are the penalties for failing to comply?

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces the Privacy and Security Rules for HIPAA-covered entities by investigating complaints and determining possible criminal violations. Corrective actions include monetary fines and hearings. Monetary fines vary in size based upon the severity of the violation with the highest fine recorded at $16 million.