HIPAA Overview

Last updated: September 2017


The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its Administrative Simplification provisions established national standards for the electronic transmission of certain health information. The aim is to improve the efficiency and effectiveness of the health care system while protecting the privacy and security of patient data.

Fast Facts:

1) Applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically (collectively, "covered entities"), as well as the business associates that handle health information on their behalf.

2) The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, paper, or oral. This information is referred to as "protected health information" (PHI).

3) PHI is information that relates to the individual's past, present, or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for that health care, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.

4) The minimum necessary standard is a key protection of the HIPAA Privacy Rule. Under it, a covered entity must make reasonable efforts to limit its uses, disclosures, and requests of PHI to the minimum necessary to accomplish the intended purpose. In practice this means role-based access: workforce members should be able to see only the PHI their job function requires. The standard does not apply to disclosures to a health care provider for treatment purposes.

5) Civil penalties range from $100 to $50,000 per violation, depending on the level of culpability, with an annual cap of $1.5 million for violations of an identical provision. Criminal penalties can also apply for knowing misuse of PHI.
