hipaa logo

Part 1: Learning About HIPAA (FAQ 4 of 65)

 

4. What is HIPAA and Why Should You Care?

You can't get very far into health privacy without running across the acronym HIPAA, which stands for the Health Insurance Portability and Accountability Act, a 1996 federal statute. Although many people associate HIPAA just with health privacy, the Act actually covers many topics unrelated to privacy. The part of the Act relevant to privacy directs the Department of Health and Human Services to write a health privacy rule. The rule took effect on April 14, 2003. Some refer to it as the health privacy rule, the HIPAA rule, or just plain HIPAA. Other HIPAA rules also exist, but they don't relate to health privacy. When we say HIPAA in this document, it means the HIPAA health privacy rule unless we state otherwise.

SIDEBAR:

People often incorrectly abbreviate HIPAA as HIPPA (two Ps rather than two As). If you do an Internet search for "hippa," you may be surprised at how often the wrong acronym is used. For extra credit, see how many law firms you can find that use the wrong abbreviation or give the law the wrong name.

Another part of the HIPAA statute relevant here is the provision that requires the health care world to comply with security standards for medical information. This is the HIPAA security rule. HHS issued security standards under the authority granted by HIPAA and made the Centers for Medicare & Medicaid Services (CMS) responsible for the HIPAA security standards. You can learn more at www.cms.hhs.gov/SecurityStandard.

We won't cover the security rule in detail here because it is of interest primarily to health care providers and insurers who have to implement it. Of course, we acknowledge that security of health information is important, but patient privacy rights are found only in the HIPAA health privacy rule. To learn more about the HIPAA security rule, see www.cms.hhs.gov/SecurityStandard/.

SIDEBAR:

You may have noticed that different components of the Department of Health and Human Services have health privacy or security responsibilities. For example, the Office of Civil Rights handles the HIPAA health privacy rule. The Centers for Medicare and Medicaid handles the HIPAA security rule. The Substance Abuse and Mental Health Services Administration handles the alcohol and drug abuse rules. Does that makes you wonder about the diversity of responsibilities for health privacy within a single federal department? We wonder too.

 

Jump to list of FAQs 1-65 | See all of Part 1