Part 1: Learning About HIPAA (FAQ 4 of 65)
4. What is HIPAA and Why Should You Care?
You can't get very far into health privacy without running across the acronym HIPAA, which stands for the Health Insurance Portability and Accountability Act, a 1996 federal statute. Although many people associate HIPAA just with health privacy, the Act actually covers many topics unrelated to privacy. The part of the Act relevant to privacy directs the Department of Health and Human Services (HHS) to write a health privacy rule. The rule took effect on April 14, 2003. Some refer to it as the health privacy rule, the HIPAA rule, or just plain HIPAA. Other HIPAA rules also exist, but they don't relate to health privacy. When we say HIPAA in this document, we mean the HIPAA health privacy rule unless we state otherwise.
Another part of the HIPAA statute relevant here is the provision that requires the health care world to comply with security standards for medical information. This is the HIPAA security rule. HHS issued security standards under the authority granted by HIPAA and made the Centers for Medicare & Medicaid Services (CMS) responsible for the HIPAA security standards. You can learn more at www.cms.hhs.gov/SecurityStandard.
We won't cover the security rule in detail here because it is of interest primarily to health care providers and insurers who have to implement it. Of course, we acknowledge that security of health information is important, but patient privacy rights are found only in the HIPAA health privacy rule. To learn more about the HIPAA security rule, see www.cms.hhs.gov/SecurityStandard/.