The purpose of the Health Insurance Portability and Accountability Act (HIPAA) is to

The Health Insurance Portability and Accountability Act (1996) (HIPAA) applies to both clinical care and research. It was created, in part, to establish minimum privacy standards to protect health information, while permitting health information to be shared for health care treatment.

The HIPAA Privacy Rule, which had a compliance date of 04/14/03, established minimum standards for safeguarding how covered entities handle individually identifiable health information, known as protected health information (PHI). Covered entities include health plans (e.g., insurance companies, HMOs, Medicare, Medicaid), health care clearinghouses (e.g., billing services, community health management information systems), and, if they electronically transmit health information in connection with transactions (e.g., billing and payment for services or insurance coverage), health care providers (e.g., doctors, clinics, dentists, psychologists, pharmacies, nursing homes). CHA is a covered entity.

PHI is any health information that identifies an individual. More specifically, PHI is directly or indirectly individually identifiable health information that is created, received, maintained or transmitted by a covered entity that relates to past, present, or future health information.

The HIPAA Security Rule establishes standards to protect individuals' electronic PHI (ePHI) that is created, received, used, or maintained by a covered entity. It requires administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI.

A covered entity may use and disclose PHI without a person's permission only for the purposes of treatment, payment, or health care operations (e.g., public health reporting).

Access to PHI for research is outside of the scope of treatment, payment, or health care operations. As a result, PHI may be used and disclosed for research purposes only through one of the following methods:

Please refer to this quick reference chart of the 5 exceptions above that do not require signed authorization for the use and disclosure of PHI in human research.

Executive Summary

We came across some useful information from TechTarget and the U.S. Department of Health and Human Services and have combined it into the summary below on the topic of HIPAA compliance. Please refer to the original sources below for more detailed information.

The Health Insurance Portability and Accountability Act (HIPAA) is US legislation that provides data privacy and security provisions regarding medical information. HIPAA contains five sections or titles, including its most significant section, known as the Privacy Rule. The Privacy Rule component establishes national standards to protect individuals’ medical records as well as personal health information. This law applies to health plans and health care providers, among other entities.

Contact Organizations:

  • For HIPAA and HIPAA Violations - TechTarget
  • For the HIPAA Privacy Rule - U.S. Department of Health and Human Services


The Health Insurance Portability and Accountability Act (HIPAA) 

The five main sections of HIPAA are as follows:

  • HIPAA Title I: protects health insurance coverage for those who lose or change jobs. It prevents group health plans from denying coverage to individuals with specific diseases and pre-existing conditions, and from setting lifetime coverage limits.
  • HIPAA Title II: directs the U.S. Department of Health and Human Services (HHS) to establish national standards for processing electronic healthcare transactions. It also requires that healthcare organizations remain in compliance with privacy regulations set by HHS.
  • HIPAA Title III: includes tax-related provisions and guidelines for medical care.
  • HIPAA Title IV: defines health insurance reform, including provisions for individuals with pre-existing conditions and those seeking continued coverage.
  • HIPAA Title V: includes provisions on company-owned life insurance and treatment of those who lose their U.S. citizenship for income tax purposes.

HIPAA Title II is the section most relevant in IT circles. Also known as the Administrative Simplification provisions, Title II includes the following HIPAA requirements:

  • National Provider Identifier Standard 
    • Each healthcare entity must have a unique 10-digit national provider identifier number (NPI).
  • Transactions and Code Sets Standards 
    • Healthcare organizations must follow a standardized mechanism for electronic data interchange (EDI) when submitting and processing insurance claims.
  • HIPAA Privacy Rule 
    • The Standards for Privacy of Individually Identifiable Health Information establishes standards to protect patient health information.
  • HIPAA Security Rule 
    • The Security Standards for the Protection of Electronic Protected Health Information sets standards for patient data security.
  • HIPAA Enforcement Rule 
    • Establishes guidelines for investigations into HIPAA compliance violations.

HIPAA Violations

The HIPAA Breach Notification Rule requires all covered entities and those concerned to notify patients in the event of a data breach. Additionally, healthcare organizations can receive fines after HIPAA audits mandated by the HITECH Act and conducted by the Office for Civil Rights (OCR). Providers could also face criminal penalties.

Organizations can lower their risk of regulatory action through HIPAA compliance training programs. The OCR has six educational programs; consultancies and training groups offer programs as well. Healthcare providers may also choose to create their own training programs, encompassing each organization's current HIPAA privacy policies, the HITECH Act, and other guidelines.

Training companies offer certification credentials to indicate an understanding of the guidelines and regulations specified by the act, as there are currently no official HIPAA compliance certification programs. 


  • Privacy Horizon Library: USA Federal Privacy Laws
  • Health Privacy: United States Department of Health and Human Services

The HIPAA Privacy Rule

The HIPAA Privacy Rule establishes protections for individuals’ medical records and personal health information. It requires appropriate measures to protect the privacy of that information and sets limits on its use without proper authorization. It also gives patients rights over their health information, including but not limited to the rights to examine and obtain a copy of their health records and to request corrections.

Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes and administrative requests when necessary.


Key Takeaways

The principles outlined by HIPAA were designed to establish the roles and responsibilities of those who hold and exchange electronic health information. These principles provide a good foundation upon which an organization may build its privacy infrastructure.

What is the main purpose of the Health Insurance Portability and Accountability Act (HIPAA)?

The goals and objectives of this legislation are to streamline industry inefficiencies, reduce paperwork, make it easier to detect and prosecute fraud and abuse and enable workers of all professions to change jobs, even if they (or family members) had pre-existing medical conditions.

What is the purpose of HIPAA?

What is the purpose of HIPAA? To standardize health care transactions as well as rules which protect the privacy and security of health information.

What did the Health Insurance Portability and Accountability Act establish?

What is HIPAA? Health Insurance Portability & Accountability Act of 1996. HIPAA establishes uniform rules for protecting health information and privacy. Compliance is enforced by HHS through the OCR (Office for Civil Rights).