HIPAA (Health Insurance Portability and Accountability Act): A Brief Summary 


HIPAA is Federal legislation that created national standards to protect the privacy of patients’ medical records and other personal health information (PHI).


The HIPAA Privacy & Security Regulations give patients certain rights over their healthcare information and require Family Health Center, Inc. to put policies and procedures in place to protect patients’ health information, whether oral, written, or electronic, from being used by or disclosed to individuals not authorized to access it.


HIPAA itself does not establish the regulations, but provides the framework for regulations (generally known as “rules”) in four areas: transactions and code sets, identifiers, privacy, and security.


How does Information Security Relate to HIPAA?


EPHI is the electronic or digital form of protected health information, which is used in place of paper or oral forms of PHI.


Security and privacy have become increasingly important in our electronic age of healthcare. HIPAA contains regulations for maintaining the security of EPHI through the use of administrative, physical and technical security measures.


  • Privacy - The rule that provides guidelines intended to protect the confidentiality of PHI. Standards for identification and authentication of people and organizations requesting PHI are enumerated in this rule.  Responsibility for compliance with the privacy rule falls under the Corporate Compliance Officer.


  • Security - The rule that deals largely with the technical measures used to enforce the organization's information-handling policy.  Compliance with the security rule is the responsibility of the Management Information Systems / Information Technology Department.


For more information regarding HIPAA, please click on the link below:

  US Dept of Health and Human Services Health Information Privacy Page: HIPAA and PSQIA