What is HIPAA Compliance



The U.S. Department of Health and Human Services (DHHS) is responsible for updating covered entities and issuing new standards regarding the use or exchange of PHI. Traditionally, a healthcare provider describing his practice as HIPAA-compliant meant that he was attempting to comply with the Privacy Rule. However, over time, it has become much simpler to become HIPAA-compliant. A recent development that has aided this transformation is the enactment of the American Recovery and Reinvestment Act 2009 (ARRA). The ARRA has gained prominence owing to the presence of the Health Information Technology for Economic and Clinical Health (HITECH) Act within it.

The HIPAA Act of 1996 has set strict standards regarding a patient's Protected Health Information (PHI) as a part of its Privacy Rule regulations.


The HIPAA Privacy Rule addresses all issues concerned with saving/accessing/sharing medical & personal information of an individual. The concept of a Covered Entity is at the core of Privacy Rule regulations. All Healthcare Providers and Health Plans are called Covered Entities. Here, Health Plans include state, federal, private and employee & veterans' welfare health insurance plans.


However, this is a very basic definition, as the scope of a Covered Entity extends to all Business Associates that are involved in accessing/sharing an individual's medical health information. A Business Associate represents all persons or organizations that are involved in the direct functioning of a Covered Entity or act on behalf of a Covered Entity. However, it does not include the employees of a covered entity. For example, the clerical staff at a healthcare center is not regarded as a Business Associate. However, an outsourcing firm that is handling medical billing on behalf of the medical facility is a Business Associate, i.e. it is bound to follow HIPAA compliance guidelines. Usual services rendered by a Business Associate include:


  • Handling patients' personal/medical data
  • Assistance in Administrative functions
  • Legal/financial/insurance-based Consultations