Health Insurance Portability and Accountability Act (HIPAA) of 1996
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) included Administrative Simplification provisions requiring the U.S. Department of Health and Human Services (HHS) to adopt national standards for electronic healthcare transactions and for the security and privacy of health information. The Standards for Electronic Transactions regulation adopts standards for eight electronic transactions and for national code sets to be used in those transactions. In December 2000, HHS issued the Privacy Rule (Standards for Privacy of Individually Identifiable Health Information). This rule applies to health plans, healthcare clearinghouses, and healthcare providers that submit health information electronically in connection with standardized transactions. State agencies that act in these capacities are considered covered by or subject to the Privacy Rule. This means that they must have contracts with their “business associates,” which may be individuals or organizations, that protect the privacy of individually identifiable health information held by the associates. A business associate (1) creates/receives protected health information to perform a function or activity on behalf of the covered State or (2) creates/receives protected health information while providing services (legal, actuarial, accounting, management, consulting, financial services, data aggregation, and others) to the covered State. State agencies are not covered as health plans if they principally provide or pay the cost of health care or if they principally manage grants that fund the direct provision of health care, such as block grants.