Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy–Kassebaum Act [1][2]) is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996.[3] It aimed to alter the transfer of healthcare information, stipulated the guidelines by which personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft,[4] and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and businesses called covered entities from disclosing protected information to anyone other than a patient and the patient’s authorized representatives without their consent. The bill does not restrict patients from receiving information about themselves (with limited exceptions).[5] Furthermore, it does not prohibit patients from voluntarily sharing their health information however they choose, nor does it require confidentiality where a patient discloses medical information to family members, friends or other individuals not employees of a covered entity.
The act consists of 5 titles:
Title I protects health insurance coverage for workers and their families when they change or lose their jobs.
Title II, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
Title III sets guidelines for pre-tax medical spending accounts.
Title IV sets guidelines for group health plans.
Title V governs company-owned life insurance policies.
HIPAA certification costs can vary for small and larger organizations depending on a number of variables like current compliance levels, IT infrastructure, training levels, etc. These costs can start from $10000 and exceed $150000 depending on the nature and complexity of the organization’s requirements.