Why was HIPAA enacted, and who enforces it today?
Enacted in 1996 as the Health Insurance Portability and Accountability Act, originally to let people keep health coverage between jobs, HIPAA now also governs health data privacy and security through its Privacy, Security, and Breach Notification Rules. The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) enforces those rules today.
Which entities must follow HIPAA rules?
Covered Entities (health care providers, health plans such as insurers, and health care clearinghouses) and their Business Associates, meaning any vendor that creates, receives, maintains, or transmits PHI on a covered entity's behalf, such as billing, legal, data analysis, or cloud hosting services. Business associates are directly liable under the Security Rule and must sign a Business Associate Agreement.
What does the HIPAA Privacy Rule protect?
It protects Protected Health Information (PHI): individually identifiable health information about a person's condition, care, or payment that a covered entity or business associate holds or transmits. Information counts as identifiable when it contains identifiers such as names, addresses, dates tied to the individual, ID and account numbers, biometrics, or full-face photos.
What does the Security Rule require?
Covered entities and business associates must protect the confidentiality, integrity, and availability of electronic PHI (ePHI) through administrative, physical, and technical safeguards, starting with a documented risk analysis of where ePHI lives and how it could be compromised.
When must a breach be reported under HIPAA?
An impermissible use or disclosure of unsecured PHI is presumed to be a breach unless a documented risk assessment shows a low probability that the PHI was compromised. Notification goes to the affected individuals without unreasonable delay and no later than 60 days after discovery, to HHS, and to prominent media outlets when more than 500 residents of a state or jurisdiction are affected. PHI encrypted in line with HHS guidance is not "unsecured," so its loss does not by itself trigger notification.
What are providers’ responsibilities and risks under HIPAA?
Providers must protect patient data or face civil monetary penalties, corrective action plans, and in serious cases criminal charges. Because medical records are valuable to attackers and ransomware routinely targets health care, many organizations carry cyber liability insurance to cover breach response and ransomware costs.