Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers.
The Security Rule applies to health plans, healthcare clearinghouses, and to any healthcare provider who transmits health information in electronic form in connection to a transaction for which the Secretary of HHS has adopted standards under HIPAA.
The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI). The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information “electronic protected health information” (e-PHI).3 The Security Rule does not apply to PHI transmitted orally or in writing.