The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services to develop regulations protecting the privacy and security of certain health information. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules, through compliance activities and civil money penalties.
Prior to HIPAA, no generally accepted set of security standards or general requirements for protecting health information existed in the health care industry. At the same time, new technologies were evolving, and the health care industry began to move away from paper processes and rely more heavily on the use of electronic information systems to pay claims, answer eligibility questions, provide health information and conduct a host of other administrative and clinically based functions.
The short version is that if your company handles or has access to a person's health care information, you need to be HIPAA compliant. Furthermore, if your company is doing business with a company that is HIPAA compliant and has to access protected patient information, your company must have a business agreement with that company and must also be HIPAA compliant. Here are some examples of businesses that may need to be HIPAA compliant: law firms, medical transcribers, CPAs, IT services, consultants, and benefits managers.
Information was provided by www.hhs.gov