HIPAA Simplified

Privacy And Security

The Privacy and Security Rules, defined by the Department of Health and Human Services (HHS) to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), address the use, disclosure, and privacy rights of individuals’ protected health information (PHI) and set security standards for protecting certain health information that is held or transferred in electronic form (e-PHI).

The Privacy and Security Rules apply to HIPAA covered entities and contracted business associates which transmit health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA. All covered entities must have been compliant with the Privacy Rule by April 14, 2003 (small health plans by April 14, 2004) and with the Security Rule by April 20, 2005 (small health plans by April 20, 2006). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules.