The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law that was enacted to establish national standards for electronic health care transactions and to address the security and privacy of health data. Hospitals, medical offices, HMOs and health care clearinghouses may only use or disclose PHI (protected health information) for treatment, payment and health care operations. The reasons for its creation were the growing number of organizations involved in care and in the processing of medical claims, the growing use of electronic technology and the increasing ability to collect highly sensitive information. HIPAA privacy standards were enacted to restore trust and to make business associates directly accountable under HIPAA.
Two years ago, HIPAA breach notification obligations were developed (if there is a breach of the HIPAA rules, the organization must notify the Department of Health and Human Services). Since then, the Department of Health and Human Services, Office for Civil Rights (OCR), has had six settlements (four within the past year) for violations of the Privacy and Security Rules. The most recent settlement was $865,500 against UCLA Health System. UCLA Health System employees were accused of violating the Privacy Rule by improperly accessing the protected health information of patients, including several celebrities who filed complaints with HHS. In addition to paying the $865,000 fee, UCLA Health System entered into an agreement with OCR requiring it to revise its HIPAA Privacy and Security policies, submit them to OCR for approval, and present the revised policies to all employees who access PHI and to all new employees within 30 days of HHS approval of the policies.
Links to more information: