HIPAA; Health Insurance Portability and Accountability Act


HIPAA is the acronym for Health Insurance Portability and Accountability Act.

  • HIPAA was passed by Congress in 1996.
  • It mandates the protection of the health information of millions of American workers and reduces health care fraud and abuse.
  • HIPAA helps protect the health information of patients.
  • HIPAA mandates that this information be kept secure and private. It covers and explains which information should not be shared, stored or distributed, and it describes the security measures to be considered for protecting the data.
  • Health information means any information, whether oral or recorded in any form or medium, that is created by any health-related entity and that relates to the past, present or future physical or mental health of an individual.
  • PHI is protected health information. All items and elements that need to be kept secure and must not be accessed by unauthorized persons are included in PHI. A patient's name, phone and fax numbers, email address, Social Security Number, IP (Internet Protocol) address, full-face photographs and many more are considered PHI elements.
  • Protected health information means individually identifiable health information.


What is PII?

Based on www.dol.gov, Personally Identifiable Information is any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors.) Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in paper, electronic or other media.


HIPAA has two main rules:

HIPAA Privacy Rule:

  • Per HHS.gov: The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

HIPAA Security Rule:

  • Per HHS.gov: The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.


What is NOPP?

  • NOPP stands for Notice of Privacy Practices of Protected Health Information.
  • The HIPAA Privacy Rule gives individuals a fundamental new right to be informed of the privacy practices of their health plans and of most of their health care providers, as well as to be informed of their privacy rights with respect to their personal health information. Health plans and covered health care providers are required to develop and distribute a notice that provides a clear explanation of these rights and practices. The notice is intended to focus individuals on privacy issues and concerns, and to prompt them to have discussions with their health plans and health care providers and exercise their rights.
  • The notice of privacy practices has to be posted or available at the doctor's office and at other health-related entities.



How to secure the information:

  • HIPAA calls for a layered defense for keeping health information private and secure; this is also called defense in depth. IT staff need to put different kinds of controls, policies and security safeguards in place so that no single failure exposes the data. Both physical and logical security measures should be implemented, including firewalls, encryption, and physical security of the servers and data centers.


This article will be updated soon…