The Health Insurance Portability and Accountability Act, also known as HIPAA, is an important law affecting the healthcare industry in the US. Introduced in 1996, the legislation was originally established to help employees with their health insurance coverage during the period between two jobs.
It also required healthcare organizations to implement controls to secure patient data against healthcare fraud. Over the years, however, the legislation evolved and eventually focused on protecting the privacy of patients’ data. Today, HIPAA is best known for protecting the privacy of patient data through appropriate implementation of the security requirements outlined in the regulation. This includes implementing the HIPAA Security Rule, Privacy Rule, Breach Notification Rule, and Omnibus Rule.
The purpose of the HIPAA Rule was to limit access, restrict disclosure, protect Patient Health Information (PHI), and notify the authorities and the people affected by data breach incidents. This is mainly to ensure that data in both physical and electronic form is appropriately secured and controlled, and that an auditable trail of PHI activity is maintained. In short, the purpose of HIPAA is to improve the efficiency, security, and privacy of PHI in the healthcare industry.