HIPAA Privacy and Security


The Health Insurance Portability and Accountability Act (HIPAA) is intended to protect the confidentiality of personal healthcare information. HIPAA imposes separate data-privacy and data-security rules on three types of covered entities: (1) health plans (insurance companies and self-ensured employers); (2) healthcare providers (physician and dental practices, as well as any organization that offers healthcare and treatment to its employees on-site); and (3) healthcare clearinghouses. In addition, business associates of covered entities (consultants, claims-processing firms, etc.) must comply with HIPAA's data-security rules.

HIPAA's Privacy Rule regulates the use and disclosure of protected health information (PHI) by covered entities. PHI is information that concerns (1) any past, present or future physical or mental health of an individual; (2) provision of healthcare to an individual; or (3) payment for healthcare of an individual. HIPAA prohibits covered entities from disclosing PHI to others for marketing purposes without the patient's written authorization.

HIPAA's Security Rule regulates the creation, receipt, maintenance and transmission of electronic PHI. The Security Rule is intended to maintain confidentiality of PHI, protect it from improper modification or deletion, and ensure that electronic PHI is available to authorized persons or entities when needed. The Security Rule sets out specific administrative, physical and technical security safeguards required for compliance.

Failure to comply with HIPAA can lead to significant financial and other penalties, including civil fines ranging between $100 and $50,000 per violation, and criminal penalties that may include fines of up to $250,000 and/or imprisonment for up to ten years.

© WeComply/Thomson Reuters

Key Resources

For your convenience, ACC has compiled the following key resources to assist you in your compliance efforts.

For more try searching ACC's online library for "HIPAA"

Survey Tools From Wolters Kluwer Law & Business

Instantly evaluate differences between jurisdictions with these complimentary Privacy Statutes multistate survey tools.

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.
By using the site, you consent to the placement of these cookies. Read our privacy policy to learn more. Hide this message