HIPAA Compliance Blog

Chances are, you’ve seen the acronym “HIPAA” many times, and wondered what it stands for. It’s the abbreviation for the Health Insurance Portability and Accountability Act, which was enacted in 1996 as a step toward healthcare reform.

HIPAA (Health Insurance Portability and Accountability Act) is a U.S. law that took effect in 2003 to assure that patient’s medical records and other health information provided to health plans, hospitals, doctors and other health care providers is protected. HIPAA is enforced by the U.S. Department of Health and Human Services, to provide nation-wide privacy and security standards for patient information, while allowing patients greater access to their medical records and more control over how their personal health information is used and disclosed. HIPAA established national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity (medical provider).

You may have read or heard the acronym HIM in reference to providers within the health care industry. HIM stands for health information management, which is the application of information management to health and health care.

Imagine: One of your office staff members takes a laptop containing PHI (patient health information) home to do some work, when the computer is stolen. Or, maybe another staff member is in a hurry, and accidentally includes a list of confidential patient information (including names, addresses, contact info, social security numbers, etc.) in another patient’s “new patient package” that was sent out in the mail.

Maybe some of you wished for a holiday gift that included HIPAA dissolving under the current White House administration or that it was easier to implement. But, unfortunately, that dream remains elusive as HIPAA continues to be a nightmare for some organizations.