The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, is a federal law that seeks to simplify health care transactions and ease their burdens through uniform rules affecting electronic transactions, code sets, security of electronic transactions, and uniform identifiers for parties involved in electronic health care transactions and the health care delivery system. HIPAA also seeks uniformity in the privacy practices of HIPAA covered entities and assurances of certain rights that individuals enjoy relative to their medical records. While HIPAA's statutory provisions were passed by Congress and signed by the President in 1996, regulations implementing the law came much later and at staggered times.

HIPAA has four (4) parts:

  • privacy;
  • electronic transactions and code sets;
  • security; and
  • uniform identifiers for employers, providers, patients, and health plans.

The Department of Health and Human Services (HHS) is the federal agency responsible for HIPAA implementation, education and enforcement. HHS' Centers for Medicare and Medicaid Services (CMS) is the HIPAA enforcement agency for electronic transactions and code sets, security of electronic transactions, and national identifiers. HHS' Office of Civil Rights is the HIPAA enforcement agency for the Privacy Rule.

Are You A HIPAA Covered Entity?

HIPAA regulations are binding upon those health care providers conducting certain electronic transactions, health plans, and health clearinghouses that are "covered entities" as that term is defined under HIPAA. The Centers for Medicare & Medicaid Services provides Covered Entity Charts to help determine if your entity is covered.