Health Insurance Portability and Accountability Act
- Establishes standards for electronic health information transactions and the security thereof
- Sets requirements on payors, providers and clearing houses, as well as timetables for implementation
- Mandates privacy and security standards regarding personal health information
- Provides for state law pre-emption if the state law is more stringent
- Imposes civil monetary penalties and criminal penalties including prison for violations
The Health Insurance Portability and Accountability Act, commonly referred to as HIPAA, is designed to implement national standards for information-related activities of the health care industry, such as financial and administrative transactions, code sets, the security of health information, and certain unique health identifiers. In addition, HIPAA requires standards to protect the privacy of certain health information. HIPAA also defines that civil and criminal violations will be enforced by the Department of Health and Human Services and the Department of Justice, respectively.