HIPAA Compliance

HIPAA is the United States Health Insurance Portability and Accountability Act of 1996. There are two sections to the Act. HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs. HIPAA Title II includes an administrative simplification section which deals with the standardization of healthcare-related information systems.

In the healthcare information technology industry, Title II is the section most people mean when they refer to HIPAA. The activities of the LSUHSC - HCSD HIPAA team and this web site are focused on addressing the rules and regulations associated with Title II.

Title II establishes mandatory regulations that require extensive changes to the way that health providers conduct business regarding the use and distribution of healthcare data.

HIPAA seeks to establish standardized mechanisms for:

  • electronic data interchange (EDI)
  • security
  • confidentiality of all healthcare-related data.

The Act mandates standardized formats for all patient health, administrative, and financial data; unique identifiers (ID numbers) for each healthcare entity, including individuals, employers, health plans and health care providers; and security mechanisms to ensure confidentiality and data integrity for any information that identifies an individual.

Because of the current lack of standardization within the healthcare industry and the comprehensive nature of HIPAA's regulations, many organizations have a great deal of work ahead of them in order to comply with the Act's components. In general, the deadline for compliance is 24 months after the effective date of any given rule.

The Department of Health and Human Services (DHHS) is the branch of the federal government overseeing the Administrative Simplification Act. The Centers for Medicare & Medicaid Services (CMS) is responsible for providing guidelines for how HIPAA and the Administrative Simplification Act will impact the Medicare program.