The Health Insurance Portability and Accountability Act (HIPAA) was designed to protect the staff and patients alike. The guidelines and intentions for the creation of this act are explained in this article, along with their implications for your practice.

HIPAA definitionHIPAA or the Health Insurance Portability and Accountability Act has been around since it was enacted in 1996. All healthcare practice management must be familiar and compliant to this law.

Like most legislation, HIPAA is complex and can be difficult to understand. However, the basic ideas behind HIPAA are very interesting and can be explained relatively simply once you parse out the legal language. HIPAA is divided into two Titles.

Title I: Health Care Access, Portability, and Renewability

The legal ramifications of Title I of HIPAA favor individual staff members and attempts to protect people from insurance company policies that are unethical or dangerous.

For example, if you start working at a new job and are switching from your old group plan to a new group plan through your new employer, HIPAA prohibits your new health insurance company from denying you coverage of a pre-existing condition.

Many health insurance companies will do anything to avoid paying for healthcare for their clients. If a potential new client has a pre-existing condition that will cost the insurance company money, they can refuse to pay for benefits relating to the condition for 12 months after the client has enrolled in the plan.

However, if you had health insurance that was providing you with care before the transfer, you can reduce those 12 months because of HIPAA.

Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform

Title II is the part of HIPAA compliance that most people are familiar with. Title II pertains to privacy and security of health information, including medical records and health records. The five rules set forth in HIPAA Title II cover everything from the physical security of hard copies of medical records to the safe transmission of electronic health records.

Title II also protects the privacy of patient information by regulating how insurance companies, employer sponsored health plans, and healthcare providers can and cannot share your private information.

Title II is broken into five rules.

The Privacy Rule protects you from businesses that might want to sell your medical information to other interested parties, i.e.: an insurance company selling private patient medical records to a pharmaceutical company that may then be able to target you with advertisements of their products.


The Transactions and Code Sets Rule attempts to standardize health care transactions. To accomplish this, a number of forms were developed to simplify the process of transferring health records and filing claims.

Some problems have arisen due to the complexity of the process and implementation has not been smooth. As a result, an update has changed some of the original procedures.

The Final Rule on Security Standards details how specific safeguards must be put into place to protect patient information. HIPAA’s Privacy Rule says that information must be protected, and the Security Rule talks about how it is protected.

The Unique Identifier Rule made all health care providers adopt a unique ID number. And the fifth rule, the Enforcement Rule, is meant to deter those violating HIPAA by putting financial penalties in place.