The U.S. Department of Health and Human Services Office for Civil Rights is the go-to resource for all things HIPAA. The Office for Civil Rights works to ensure equal access to specific health and human services while also protecting the privacy and security of individually identifiable health information. That is where HIPAA comes in.
HIPAA – the Health Insurance Portability and Accountability Act – is the primary law that protects health information. HIPAA governs how protected health information – known as PHI – can be used and shared. In our age of cybersecurity, PHI is at times referred to as ePHI or electronic protected health information. Under HIPAA, protected health information includes verbal or recorded information that is created or received by specific entities that relate to an individual’s physical or mental health or condition, health care, or payment for health care. This information can relate to an individual’s past, present, or future situation, and is typically transmitted or maintained electronically – although transmission and storage can be non-electronic and still be covered under HIPAA. Many things qualify as PHI. In fact, there are 18 categories of PHI. Some examples include social security numbers, biometrics like fingerprints or voiceprints, full-face photos, health plan account numbers, and many others.
Whether uncovered through tips or complaints, external audits, or investigations into a known data breach, violations of HIPAA regulations are best avoided altogether. With the proper administrative, physical, and technical safeguards in place, covered entities and their business associates give themselves the best chance at avoiding HIPAA violations. Even if non-compliance is not an issue, following HIPAA guidelines will aid any organization in further ensuring information privacy and security.
Keywords: hipaa, hipaa law, privacy rule, hipaa privacy rule, hipaa violation, hipaa compliance, compliance with hipaa, hipaa certification, hipaa compliant, compliant data collection, compliance and data protection, human subjects protection, patient privacy protection, protected health information, phi, regulations, hipaa regulations, hippa, hipaa covered entity, hipaa authorization