HIPAA (Health Insurance Portability and Accountability Act) is United States legislation that was signed in 1996. HIPAA has two major purposes: one is to allow American workers to get complete health insurance coverage when they lose or change their job, and the other is to ensure data privacy and security provisions for patients' overall healthcare information.
The HIPAA rules and regulations are meant to provide guidance for the proper use and disclosure of protected health information (PHI), along with the protocol to secure PHI and how to proceed if there is a PHI breach. They are there to achieve accountability among health care providers, health insurers, and healthcare plans. The HIPAA security rules consist of three components with which a healthcare organization can comply:
Privacy Rule - This is the set of privacy standards that prevents physical theft and loss of devices that contain patient information.
Security Rule - This is the set of security standards that must be applied to protect the integrity, confidentiality and availability of patients' ePHI (Electronic Protected Health Information). It also involves documented risk analysis and risk management strategies, with IT security, administrative, and physical controls for compliance.
Breach Notification Rule - These rules require organizations that experience a PHI breach to report the incident, including how many patients are affected by the breach and how. Moreover, the entities need to notify all the affected individuals as well as the US Department of Health and Human Services (HHS); sometimes, if needed, media notification also comes into play.
In addition to the above standardized mechanisms with regard to electronic data interchange (EDI), HIPAA also addresses health care entities. These include employers, health care providers, and health plans; each of them is provided with a unique 10-digit number known as an NPI (National Provider Identifier), the absence of which can prevent them from proceeding with treatment and can also lead to denial of payment for the treatment by the healthcare insurer.