HHS: Guidance on HIPAA basics

HIPAA is designed to enforce protected health information privacy, security and breach notification rules. While its aims are relatively straightforward, what entities are covered under the law and to what extent is a point of considerable confusion.

Advertisement
By: Staff

HHS released a guide to HIPAA basics. Here are four things to know from the guide.

HIPAA privacy rule

What is PHI?

Any information relating to:

•    An individual’s past, present or future physical or mental health or condition
•    Provision of healthcare to the individual
•    Past, present or future payment for the provision of healthcare to the individual
•    Common identifiers such as name, address, date of birth and Social Security Number

HIPAA security rule

The security rule relates to specific safeguards that covered entities and their business associates are required to implement to protect the confidentiality, integrity and availability of PHI.

HIPAA breach notification rule

Breaches involving fewer than 500 individuals:

•    Must be reported to the affected individuals no later than 60 days after discovery of the breach
•    Must be included in a log of all breaches once a year, no later than 60 days after the end of the calendar year, and submitted to HHS
•    Do not have to be reported to the media

Breaches involving 500 or more individuals:

•    Must be reported to the affected individuals not later than 60 days after discovery of the breach
•    Must be reported to HHS as the same time as individuals are notified, no later than 60 days from discovery
•    Must be reported to the media no later than 60 days from discovery

Covered entities

HIPPA law pertains to:

•    Covered healthcare providers including chiropractors, clinics, dentists, physicians, nursing homes, pharmacies and psychologists
•    Health plans including company health plans, government programs, health insurance companies and HMOs
•    Healthcare clearinghouses including billing services, community health management information systems, re-pricing companies and value-added networks
•    Business associates including accreditation, billing, claims processing, consulting, data analysis, financial services, legal services, management administration and utilization review

More articles on health IT:
Why your organization can’t afford to skimp on interoperability anymore
Readers’ choice: 21 health IT leaders to know
Extending MU incentives may boost EHR adoption

AI and the state of utilization management: Lessons for health plans

Recommended Live Webinar on Jul 17, 2025 1:00 PM - 2:00 PM CDT

Advertisement

Next Up in Health IT

Advertisement

Comments are closed.