What is HIPAA? The definition and other terms you should know about healthcare data

Pete Hoff

HIPAA is an acronym for Health Insurance Portability and Accountability Act. But what does that mean?

HIPAA defined and explained

According to the CDC, “the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.”

In short, HIPAA is the standard to provide guidance to businesses on how to protect the privacy of patients and health plan members.

What information is protected by HIPAA?

The information that is protected by HIPAA is called personal healthcare information (PHI). In the past, PHI was physical data: paper records stored in filing systems in doctors’ offices. Now, most of this data is electronic, stored on computers and servers, and is called electronic personal healthcare information (ePHI).

Who can access ePHI?

HIPAA defines two types of entities that can access ePHI: the Covered Entity and the Business Associate. Typically, businesses that are defined as a Covered Entity (CE) are aware of their HIPAA requirements, but some organizations are not aware that they may be a HIPAA Business Associate (BA) based on their business activities.

CEs are healthcare providers like hospitals, doctors’ offices, and insurance plan providers, but a BA can be any third party associated with processing health-related or insurance information. BAs are usually the accounting firms or CPAs that process records associated with health insurance claims, data clearinghouses, insurance billing, and technology providers.

HIPAA, ePHI, and technology

With today’s technology and the constant threat of cyber attacks, your team needs to stay on top of its devices, endpoints, and applications to maintain HIPAA compliance.

To learn more about HIPAA, ePHI, and how to be compliant with your technology toolkit, let’s connect.