Health Insurance Portability and Accountability Act (HIPAA)

HIPAA: A Brief Summary Expand

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is Federal legislation that created national standards to protect the privacy of patients’ medical records and other personal health information.

The HIPAA Privacy & Security Regulations give patients certain rights over their healthcare information and requires select UC units and/or departments to put policies and procedures in place to protect patients’ health information, whether oral, written, or electronic, from being used by or disclosed to individuals not authorized to access it.

HIPAA itself does not establish the regulations, but provides the framework for regulations (generally known as “rules”) in four areas: transactions and code sets, identifiers, privacy, and security.

How does Information Security relate to HIPAA? Expand

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law that charges the Department of Health and Human Services to establish regulations for the handling of protected health information (PHI).

EPHI is the electronic or digital form of protected health information, which is used in place of paper or oral forms of PHI.

Security and privacy have become increasingly important in our electronic age of healthcare. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains regulations for maintaining the security of EPHI through the use of administrative, physical and technical security measures.

  • Privacy - The rule that provides guidelines intended to protect the confidentiality of PHI. Standards for identification and authentication of people and organizations requesting PHI are enumerated in this rule.  Responsibility for compliance with the privacy rule falls under the UC Privacy Officer in the Office of General Counsel.
  • Security - The rule that deals largely with the technical measures used to enforce the organization's information-handling policy.  Compliance with the security rule is the responsibility of the Office of Information Security.

What are the implications for me? Expand

As a Faculty/Staff/Student member at UC with authorized access to EPHI, it is your responsibility to become familiar with the policies and practices necessary for maintaining security and safeguarding patient privacy, especially with respect to their EPHI.

Failure to comply with these policies and procedures can result in penalties for UC as well as the responsible individuals.