Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) set national standards for electronic healthcare transactions and code sets, unique health identifiers, and security. This law also provides federal privacy protections for protected health information/individually identifiable health information.

HIPAA Privacy Rule

  • Protects medical records and other personal health information by establishing safeguards, and by placing limits and conditions on uses and disclosures made without proper patient authorization
  • Allows patients to request, obtain, and examine their own medical records
  • Applies to health plans and healthcare providers

HIPAA Security Rule

  • Mandates proper and sufficient safeguards for the protection of patient health information that is created, received, used, or maintained by an affected entity
  • Specifies proper administrative, physical, and technical protections

HIPAA Breach Notification Rule

  • Requires covered entities to report any breach involving unsecured protected health information
    • Breach: "impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information" (HHS)

VUMC maintains several resources regarding patient privacy, security, and compliance with HIPAA: