What is HIPAA?
The Health Insurance Portability and Accountability
Act of 1996, known as HIPAA, includes important new - but limited -
protections for millions of working Americans and their families. HIPAA
requires:
- Improved efficiency in healthcare delivery by
standardizing electronic data interchange, and
- Protection of confidentiality and security of
health data through setting and enforcing standards.
More specifically, HIPAA stands for:
- Standardization of electronic patient health,
administrative and financial data
- Unique health identifiers for individuals,
employers, health plans and health care providers
- Security standards protecting the confidentiality and integrity of
"individually identifiable health information," past, present or
future.
Who is affected?
All healthcare organizations. This includes all
health care providers, even 1-physician offices, health plans, employers,
public health authorities, life insurers, clearinghouses, billing agencies,
information systems vendors, service organizations, and universities.
Are there penalties?
HIPAA calls for severe civil and criminal penalties for noncompliance,
including:
- fines up to $25K for multiple violations of the same standard in a
calendar year
- fines up to $250K and/or imprisonment up to 10 years for knowing misuse
of individually identifiable health information
Compliance deadlines?
Most entities have 24 months from the effective date of the final rules
to achieve compliance. Normally, the effective date is 60 days after a
rule is published.