HIPAA compliance falls under two federally mandated guidelines, the HIPAA Privacy Rule and the HIPAA Security Rule. These rules provide for the privacy and security of health information that can be individually identified, according to the U.S. Department of Health and Human Services.
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is the first U.S. mandate establishing national standards both for the protection of health information privacy and the means by which that privacy is secured. The act is comprehensive and includes a broad range of technical, administrative, physical and organizational requirements and safeguards, as detailed by the U.S. Department of Health and Human Services.
Covered entities, which include health plans, health care providers and health care clearinghouses, and their business associates are subject to HIPAA regulation. A business associate is defined as a person or business that is given access to protected health information by a covered entity for the purpose of providing a service. The U.S. Department of Health and Human Services lists accounting, claims processing, legal review and note transcription as examples of services provided by business associates.
Under the act, noncompliance can result in both civil and criminal fines and penalties, explains the American Medical Association.