Health Insurance Portability and Accountability Act
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (PL 104-191), also known as HIPAA, is a law designed to improve the efficiency and effectiveness of the nation's health care system. HIPAA is divided into two parts:
- Title I: Health Care Access, Portability, and Renewability
  - Protects health insurance coverage when someone loses or changes their job
  - Addresses issues such as pre-existing conditions
- Title II: Administrative Simplification
  - Includes provisions for the privacy and security of health information
  - Specifies electronic standards for the transmission of health information
  - Requires unique identifiers for providers
Who needs to comply with HIPAA?
The HIPAA regulations apply to covered entities, defined as health plans, health care clearinghouses, and health care providers who conduct certain electronic transactions.
Find out if you are a covered entity.
What happens if I don't comply?
The interim final rule [PDF] on HIPAA Administrative Simplification Enforcement ("Enforcement Rule") was issued on October 30, 2009. It includes categories of violations and tiers of increasing penalty amounts.
Categories of violations include those:
- that occur without the person's knowledge (and the person would not have known by exercising reasonable diligence)
- that have a reasonable cause and are not due to willful neglect
- due to willful neglect but that are corrected quickly
- due to willful neglect that are not corrected
Monetary penalties vary by the type of violation. They range from $100 per violation, with a yearly maximum fine of $25,000, to $50,000 per violation, with a yearly maximum of $1.5 million.
The following is provided for informational purposes only. Please consult with your legal counsel and review your state laws and regulations.