HIPAA for Professionals
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted to improve the efficiency and effectiveness of the health care system. It includes provisions known as Administrative Simplification that require the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security. At the same time, HIPAA addresses privacy concerns related to advances in electronic technology.
Administrative Simplification Provisions
Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, HIPAA incorporated provisions mandating the adoption of Federal privacy protections for individually identifiable health information.
Privacy Rule
HHS published a final Privacy Rule in December 2000, later modified in August 2002. This Rule sets national standards for the protection of individually identifiable health information by three types of covered entities:
- Health plans
- Health care clearinghouses
- Health care providers who conduct the standard health care transactions electronically
Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans).
Security Rule
HHS published a final Security Rule in February 2003. This Rule sets national standards for protecting the confidentiality, integrity, and availability of electronic protected health information. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006, for small health plans).
Enforcement Rule
The Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules.
Omnibus Rule and HITECH Act
HHS enacted a final Omnibus Rule that implements a number of provisions of the HITECH Act to strengthen the privacy and security protections for health information established under HIPAA, finalizing the Breach Notification Rule.
Regulatory Text and Official Versions
The Combined Regulation Text (PDF, as of March 2013) is an unofficial version that presents all the HIPAA regulatory standards in one document. The official version of all federal regulations is published in the Code of Federal Regulations (CFR).
Other HIPAA Administrative Simplification Rules
These rules are administered and enforced by the Centers for Medicare & Medicaid Services, and include:
- Transactions and Code Sets Standards
- Employer Identifier Standard
- National Provider Identifier Standard
- HIPAA PP