| The Health Insurance Portability and Accountability | | | | providers who receive individual health information, |
| Act or HIPAA, which was enacted by the US | | | | and providers who electronically maintain health |
| Congress in 1996, has introduced to sweeping | | | | information used in electronic transmissions |
| changes in health care administration and | | | | between entities. |
| information systems. HIPAA is a federal law that | | | | Non-compliance with HIPAA regulations may cause |
| has been amended to the Internal Revenue Code | | | | disruptions in an organization's day-to-day business |
| of 1986 which intends to improve portability and | | | | processes, resulting in both tangible and intangible |
| continuity of health insurance; combat waste, | | | | costs. The most serious implications of HIPAA |
| fraud and abuse in health insurance and health | | | | non-compliance for health care organizations |
| care delivery; promote the use of medical savings | | | | include the inability to effectively conduct |
| accounts and improve access to long-term health | | | | electronic business and the potential of losing |
| care services and coverage; and simplify the | | | | significant segments of business. The government |
| administration of health insurance. | | | | also imposes some sanctions on those who fail to |
| HIPAA is designed to standardize the way all | | | | comply with the regulations of HIPAA. The |
| health care organizations electronically exchange | | | | penalty for failure to comply with regulations goes |
| sensitive patient data and to protect patients | | | | up to $100 per violation per person up to a |
| from unauthorized disclosure of their medical | | | | maximum of $25,000 per year. Penalty for |
| records (whether paper or electronic). Under | | | | knowingly and wrongfully disclosing individually |
| HIPAA, there are specific standards that all health | | | | identifiable health information is up to $50,000 per |
| care organizations are required to adhere to. | | | | violation or one year imprisonment or both for |
| These standards include an Administrative | | | | simple offense; up to $100,000 per violation or |
| Simplification Title that is aimed at preventing | | | | five years imprisonment or both if the offense is |
| health care fraud and abuse. Within this title, there | | | | "under false pretenses"; and up to $250,000 or |
| are several laws and proposed standards including | | | | ten years imprisonment or both if committed with |
| Electronic Health Transactions Standards, Privacy | | | | intent to sell, transfer or use for commercial |
| & Confidentiality Standards, Unique Health | | | | advantage, personal gain or malicious harm. |
| Identifiers, and Security & Electronic Signature | | | | Thus, the ultimate objective of HIPAA is to |
| Standards. | | | | increase the efficiency and effectiveness of health |
| These HIPAA laws and standards directly apply to | | | | information systems through improvements in |
| the following groups of health care entities: health | | | | electronic health care transactions as well as to |
| plans, public and private payers, health care | | | | maintain the security and privacy of individually |
| insurers, HMOs, Medicare, Medicaid, group health | | | | identifiable health information. It helps to promote |
| plans, health care clearinghouses, any entity that | | | | the modernization of health information systems. |
| facilitates the processing of non-standard | | | | Becoming HIPAA-compliant is a challenging task |
| formatted health information and must convert | | | | because of extensive cross-departmental |
| the non-standard data into standard transactions, | | | | compliance and training requirements but it is an |
| or vice versa, Health Care Providers, providers | | | | ongoing administration, privacy and security |
| who transmit health information electronically, | | | | challenge that must be constantly addressed. |