1. What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was enacted as Public Law 104-191 on August 21, 1996. Its stated purpose is to improve the efficiency and effectiveness of the health care system by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information (SEC. 261. PURPOSE).
A paper or electronic copy of the Act is available from the National Registry and from the U.S. Department of Health and Human Services at the following address:
That document is the final authority on what HIPAA requires and should be consulted before any decision regarding compliance is made.
2. What are the important compliance dates?
As Congress required in HIPAA, most covered entities have until April 14, 2003 to come into compliance with the Privacy Rule standards, as modified by the August 2002 final Rule. Small health plans have an additional year, until April 14, 2004, to come into compliance.
The statute itself sets the timetable for the Secretary of Health and Human Services to adopt the transaction standards: "The Secretary shall carry out section 1173 not later than 18 months after the date of the enactment of the Health Insurance Portability and Accountability Act of 1996, except that standards relating to claims attachments shall be adopted not later than 30 months after such date" (SEC. 1174. TIMETABLES FOR ADOPTION OF STANDARDS).
3. Is my software HIPAA certified?
It is a common misconception that office tools such as fax machines, computer hardware and software, networking equipment and handheld devices must themselves comply with HIPAA, or that a product can be "HIPAA certified". HIPAA places obligations on organizations, not on products, and neither the Act nor the Department of Health and Human Services certifies software.
The Act applies, in whole or in part, only to the following entities (SEC. 1172. GENERAL REQUIREMENTS FOR ADOPTION OF STANDARDS, subsection (a)):
- A health plan
- A health care clearinghouse
- A health care provider who transmits any health information in electronic form in connection with a transaction referred to in SEC. 1173(a)(1)
4. How can I comply with HIPAA patient privacy requirements?
The Act does not itself spell out detailed privacy rules. Instead, SEC. 264 (RECOMMENDATIONS WITH RESPECT TO PRIVACY OF CERTAIN HEALTH INFORMATION) directs the Secretary of Health and Human Services to recommend standards for the privacy of individually identifiable health information and, if Congress did not enact such standards within 36 months, to issue regulations containing them. Those regulations are what became the Privacy Rule, so the information to be treated as private and handled carefully is defined there rather than in the text of the Act.
Patient health and billing records can be transported safely from one practice location to another, whether the destination is a hospital, a private office, a health related organization or an associated business, provided the data is protected both in transit and at rest. Data within the systems can be password protected and, in addition, encrypted. Note that a password alone only controls who may log in to the application; if the storage media or the device itself is lost, stolen or copied, only encryption protects the records it holds.