🔍 What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act, enacted in 1996.
It sets national standards to protect individuals’ medical records and other protected health information (PHI).
HIPAA applies to covered entities (healthcare providers, health plans, healthcare clearinghouses) and business associates (vendors handling PHI).
🧩 Key Components of HIPAA
1. Privacy Rule
Protects all “individually identifiable health information.”
Grants patients rights over their health information, including:
Access to their records
Requesting corrections
Receiving a notice of privacy practices
2. Security Rule
Focuses on electronic protected health information (ePHI).
Requires three categories of safeguards:
Administrative (e.g., training, policies)
Physical (e.g., secure facilities)
Technical (e.g., encryption, access controls)
3. Breach Notification Rule
Requires covered entities to notify affected individuals, the Department of Health and Human Services (HHS), and in some cases the media when a breach occurs.
Notification must be made no later than 60 days after the breach is discovered.
4. Enforcement Rule
Establishes procedures for investigations and penalties.
Civil penalties range from $100 to $50,000 per violation, with a maximum annual penalty of $1.5 million.
5. Omnibus Rule
Strengthens privacy protections and expands responsibilities of business associates.
Clarifies patient rights and breach notification requirements.
🛡 Protected Health Information (PHI)
Includes any health information that can be used to identify an individual, for example:
Name, address, birth date, Social Security number
Medical records, lab results, billing information
✅ HIPAA Compliance Best Practices
Train all staff on HIPAA policies.
Use secure systems for storing and transmitting PHI.
Limit access to PHI based on job roles.
Conduct regular risk assessments.
Report breaches promptly.
📝 HIPAA Compliance Quiz (15 Questions + Answers)
1. What does HIPAA stand for? Answer: Health Insurance Portability and Accountability Act
2. What type of information does HIPAA protect? Answer: Protected Health Information (PHI)
3. Which rule focuses on electronic protected health information? Answer: Security Rule
4. What is the maximum civil penalty per year for HIPAA violations? Answer: $1.5 million
5. Who must comply with HIPAA regulations? Answer: Covered entities and business associates
6. What is the purpose of the HIPAA Privacy Rule? Answer: To protect individuals’ medical records and personal health information
7. What is the time frame for notifying individuals after a breach? Answer: Within 60 days of discovery
8. Which safeguard category includes encryption and access controls? Answer: Technical safeguards
9. What is considered PHI under HIPAA? Answer: Any identifiable health information, such as medical record numbers
10. What is the role of the Omnibus Rule? Answer: To strengthen privacy protections and expand business associate responsibilities
11. What is one example of a physical safeguard? Answer: Securing facilities and restricting physical access
12. What must covered entities provide to patients regarding their privacy rights? Answer: A Notice of Privacy Practices
13. What is one administrative safeguard under the Security Rule? Answer: Staff training on HIPAA policies
14. What should be done if a HIPAA breach occurs? Answer: Notify affected individuals, HHS, and possibly the media
15. What is the consequence of failing to comply with HIPAA? Answer: Civil and criminal penalties, including fines