HIPAA Overview

HIPAA is the “Health Insurance Portability and Accountability Act of 1996”, Public Law 104-191.

HIPAA contains three parts relevant to healthcare information, with requirements related to the:

  • Privacy of individually identifiable health information;
  • Security of electronic health information; and
  • Standardization of transaction and code sets.

Hot News!

  • The US Department of Health & Human Services Office for Civil Rights (OCR) has issued new HIPAA guidance on communications with family, friends, or others involved in a patient's care. This guidance does not reflect a change in any laws or regulations; it is intended to clarify HIPAA requirements so that providers do not unnecessarily withhold a patient's health information.

    There are two guides available - one for providers and one for patients. These guides list common questions about HIPAA and indicate when health care providers may discuss or share health information with family members, friends, or others involved in care or payment for care. The provider guide also includes a chart that summarizes relevant requirements under HIPAA.

    To access these resources, visit the OCR health information privacy website at: http://www.hhs.gov/ocr/privacy/
  • Hospital clerk accused of identity theft at University of Texas M.D. Anderson Cancer Center

    HOUSTON (KTRK) -- Investigators have charged a hospital employee with stealing the identities of cancer patients at the University of Texas M.D. Anderson Cancer Center, Harris County District Attorney Kenneth Magidson announced.

    A warrant was issued Friday for Angelina Cloud-Equam, 26, a lead clerk in surgical pathology. She is accused of fraudulent use and possession of identifying information, a third-degree felony that carries punishment of up to 10 years in prison upon conviction. Anna Emmons, a prosecutor in the District Attorney's Public Integrity Section, said the investigation began after a Houston cancer patient was contacted by a New Jersey-based bank. The call concerned a March 31, 2008 application filed online for $10,000 in credit in the patient's name, although she had never applied for the credit.

    Emmons said e-mail and computer details from the application were traced back to Cloud-Equam. UT police determined that on March 29 she had accessed the patient's hospital application for treatment, which contained confidential identity information. Read the entire article here: https://abc13.com/archive/6377731/
  • The National Institute of Standards and Technology (NIST) released the draft publication SP 800-66 Rev1, "An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule," on May 1.

    The publication discusses security considerations and resources that covered entities may find valuable as they comply with the security rule. This includes educating readers on security terms and concepts used and discussed in the security rule, according to the NIST Web site.

    The publication is available on the NIST Web site. Comments will be accepted until June 13.