Resources to assist an employer in complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA governs the portability and continuity of health insurance coverage and sets out privacy and security standards for the use and distribution of health information.
Many of the resources in this toolkit are in the process of being updated to reflect final HIPAA regulations issued in January 2013.
In 1996, Congress passed the Health Insurance Portability and Accountability Act of 1996 (www.practicallaw.com/1-501-6222) (HIPAA), which governs the portability and continuity of health insurance coverage and also mandates the adoption of the:
HIPAA Privacy Rule, which addresses the privacy of individually identifiable health information (www.practicallaw.com/1-501-6613).
HIPAA Security Rule, which addresses the security of electronic protected health information (www.practicallaw.com/8-501-6596) (PHI).
The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information. The Privacy Rule applies to health plans and other covered entities that conduct certain health care transactions electronically. The Privacy Rule requires safeguards to protect the privacy of PHI, and imposes restrictions on the uses and disclosures of PHI without patient authorization. The Privacy Rule also gives patients rights to certain information related to their health information.
The HIPAA Security Rule establishes national standards to protect individuals’ electronic PHI that is created, received, used or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of electronic PHI.
Failure to comply with the HIPAA Privacy or Security Rule can result in significant consequences, including civil and criminal penalties.
The HIPAA Toolkit provides several continuously maintained resources designed to help employers comply with the HIPAA Privacy and Security Rules.
HIPAA Electronic Transactions under Health Care Reform (www.practicallaw.com/9-517-3369)
Cloud Computing and HIPAA Privacy and Security (www.practicallaw.com/0-522-0247)
HIPAA Business Associate Agreement (www.practicallaw.com/3-501-6706)
HIPAA Business Associate Policy (www.practicallaw.com/5-501-6319)
HIPAA Notice of Privacy Practices (www.practicallaw.com/8-502-2366)
HIPAA Notice of Privacy Practices Acknowledgment Form (www.practicallaw.com/2-502-5711)
Board Resolutions: Appointing HIPAA Privacy and Security Officer (www.practicallaw.com/0-502-5062)
HIPAA Request for Accounting of Disclosures (www.practicallaw.com/6-502-5714)
SPD Language, HIPAA Privacy and Security (www.practicallaw.com/4-508-5488)
Certificate of Group Health Plan Coverage (www.practicallaw.com/3-502-2420)