
Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Privacy, Security, and Electronic Transactions and Code Sets Regulations adopted under the Health Insurance Portability and Accountability Act of 1996

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) led to the adoption of federal regulations that had a major effect on physician practices. These regulations include the HIPAA Privacy Rule, the Security Rule, and the Electronic Transactions and Code Sets Rule. These rules are subject to frequent change and expansion by the U.S. Department of Health and Human Services.

The AMA has developed numerous resources designed to help you stay abreast of, and maintain compliance with, these rules.

The HIPAA Privacy Rule

The Privacy Rule restricts covered entities’ and business associates’ use and disclosure of an individual’s "protected health information" (PHI). "Protected health information" means information that would identify an individual, that is held or transmitted by a covered entity or business associate in any form or media (whether electronic, paper, or oral), and that relates to the past, present, or future physical or mental health of an individual, health care services, or payment for health care.

The HIPAA Security Rule

The HIPAA Security Rule became effective in 2005. The Security Rule requires physician practices to implement a number of administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of electronic PHI.

"Electronic PHI" refers to all individually identifiable health information a covered entity or business associate creates, receives, maintains or transmits in electronic form. The Security Rule does not apply to PHI transmitted orally or in writing.

The HIPAA Transactions and Code Sets Final Rule

HIPAA also required the U.S. Department of Health and Human Services (HHS) to adopt regulations for unique health identifiers, and electronic transactions and code sets. The Transactions and Code Sets Final Rule became effective in 2003. The Transactions and Code Sets Final Rule named standard administrative transactions with which covered entities must comply when performing those transactions electronically. These include:

  • Health claims or equivalent encounter information (837);
  • Enrollment and disenrollment in a health plan (834);
  • Eligibility for a health plan (270/271);
  • Health care payment and remittance advice (835);
  • Health plan premium payments (820);
  • Health claim status (276/277); and
  • Referral Certification and Authorization (278).