Call (800) 503-5517

for FREE insurance quotes by phone

Free Health Insurance Comparison

Compare Quotes from Top Companies and Save

Auto Insurance Companies

What is HIPPA?

A brief overview...
  • HIPAA is a piece of healthcare legislation passed in 1996 to address continuing coverage for workers who were laid off or got a different job
  • It also addresses privacy and security concerns, especially with regards to digital healthcare records
  • It requires healthcare organizations to take certain precautions to protect private medical records, with severe civil and criminal penalties for failing to comply

HIPAA is often considered to be a landmark piece of healthcare legislation. It is split into two parts, called Title I and Title II. HIPAA was passed in 1996 and signed into law by Bill Clinton.

Title I covers health insurance coverage for people when they lose or simply change jobs. Title II covers what are known as Administrative Simplification (AS) laws, which are essentially the implementation of federal standards for digital health care transactions and nation-wide identifiers for healthcare providers, medical insurers, and employers.

Title I and Title II are themselves split into several different chapters and clauses. This legislation is quite dense, with the bill itself numbering hundreds of pages. However, you do not actually need to read all of these pages.

This article will break down and simplify the act so that you are informed when you go to compare insurance quotes online and purchase a policy. To learn more about HIPAA, read on.

Also, don’t forget to compare free health insurance quotes using our a search tool on our site like the one above!

What Title I of HIPAA Covers

Employee benefits package

Title I mostly pertains to group health insurance plans offered through employers, although it does cover some individual plans as well. Title I require coverage for pre-existing conditions and limits the restrictions that insurers can place on this coverage.

This part of HIPAA also requires that insurers offer plans to individuals leaving group plans, and allow these individuals to renew these plans if they wish.

Title I is actually not considered to be the most important part of the act. This distinction is usually reserved for Title II.

What Title II of the Act Covers

Stethoscope on laptop

Title II of HIPAA is far more complicated and lengthy than Title I. In short, it covers privacy and security for healthcare information, especially information that is stored digitally. It outlines specific regulations for privacy and security, as well as civil and criminal penalties for violating these regulations. However, this is not all Title II covers.

The parts of Title II generally considered to be the most important are the Administrative Simplification rules, commonly called the A.S. rules. These rules required the Department of Health and Human Services to create and enforce rules for using and spreading healthcare information.

Not all entities within the healthcare system are covered under the A.S. rules. The organizations that are covered include clearinghouses, medical insurers, and providers that send out healthcare information.

The Department of Health and Human Services, often referred to as the H.S.S., has created five rules. These rules are the Privacy Rule, Transactions and Code Sets Rule, Security Rule, Unique Identifiers Rule, and Enforcement Rule.

The Privacy Rule of Title II

The Privacy Rule came into effect on April 14, 2003. Simply put, it regulates the privacy of healthcare information. The information covered under this rule is specifically referred to as Protected Health Information, or PHI.

Protected Health Information is defined as any info that specifies health status, health coverage, or payment for healthcare.

This info is only a small portion of healthcare related information that entities covered under the rules deal with. However, the Privacy Rule has generally been enforced quite broadly, so any part of somebody’s medical payment history or medical records is covered.

The 2013 Update to the Privacy Rule


The 2013 update to the Privacy Rule required that business partners of covered entities also follow the A.S. rules. Also, the scope of the Privacy Rule was updated to include more scrutiny of how covered entities report breaches. This was in response to many breaches that these entities did not originally report to the people whose information was stolen.

Disclosure to Relatives


Many hospitals refuse to communicate information over the phone to relatives of patients. This has caused many people a great deal of stress and resulted in difficulties in identifying missing persons. Many people have called for an amendment to HIPAA that would allow hospitals to convey information over the phone when it pertains to the status of the caller’s loved one.

There are currently no proposals to add such a clause to HIPAA. Advocacy groups continue to try and persuade politicians to add in such a clause, but they have not had any success so far.

Transactions and Code Sets Rule


One of the goals of HIPAA was to standardize healthcare transactions. To that end, the Transactions and Code Sets Rule was implemented. However, this rule backfired at first. There was a great deal of confusion within the healthcare industry about what the Transactions and Code Sets Rule meant in practice.

Essentially, this rule establishes standards that must be met when handling health insurance claims as well as protocol to follow when the cliams are unable to be filed electrionically.

Those that did attempt to implement the rule found it difficult and time-consuming. A revision for this rule was passed in 2012 that makes it much more clear and easy to implement. Since this happened, covered entities have not had nearly as much trouble with it.

The Security Rule of Title II


The Security Rule specifically deals with the security of electronic health information. It lists three types of security safeguards that organizations must have in place: administrative, technical, and physical. Any covered entity that does not have all three of these safeguards is in violation of the act.

The three safeguards are further broken down into many policies and mechanisms that covered entities must have in place. How the entity ends up implementing these policies and mechanisms is their concern. Some have suggested that this is too much freedom, and covered entities should also be regulated in the way that they implement the Security Rule.

Title II’s Unique Identifiers Rule


The Unique Identifiers Rule requires that healthcare providers be identified by a unique alphanumeric code and only this code when records of transactions are created and stored. It is important to note that this identifier must be totally random and not give away anything about the provider.

For example, the identifier cannot contain a shortened version of the provider’s name or location. An organization such as a hospital can only have one identifier unless they have a separate facility like a surgical center. This facility can have its own identifier unrelated to the designation for the parent organization.

Final Thoughts


HIPAA is considered to be one of the most important pieces of healthcare legislation ever passed in America. It anticipated the numerous security concerns that Americans would face when their health information became digitized. It was difficult to implement in some areas, but the revisions have been fairly effective and generally easy to implement.

HIPAA is not without its critics, many of whom claim that the time and expense business spend to implement it is too much. However, it doesn’t look like HIPAA will be repealed anytime soon.

To find a certified health insurance plan with a network of HIPPA-abiding doctors and specialists, enter your zip code below and compare free quotes today!

Free Health Insurance Comparison

Compare Quotes from Top Companies and Save

Copyright © 2023 Health Insurance Benefits