HIPAA Software

HIPAA Rules

HITECH Act

Other Resources

HIPAA Rules and Standards

The Health Insurance Portability and Accountability Act (HIPAA) regulations are divided into five major Standards or Rules: Privacy Rule, Security Rule, Transactions and Code Sets (TCS) Rule, Unique Identifiers Rule and (HITECH) Enforcement Rule.

HIPAA Privacy Rule

The HIPPA Privacy Rule mandates the protection and privacy of all health information. This rule specifically defines the authorized uses and disclosures of "individually-identifiable" health information. This is the most complex rule, setting requirements for how protected health information (PHI), in any form or medium, should be controlled.



HIPAA Security Rule

The HIPAA Security Rule mandates the security of electronic medical records (EMR). Unlike the Privacy Rule, which provides broader protection for all formats that health information make take, such as print or electronic information, the Security Rule addresses the technical aspects of protecting electronic health information. More specifically, the HIPPA Security standards adresses these aspects of security:

Administrative security - assignment of security responsibility to an individual.

Physical security - required to protect electronic systems, equipment and data.

Technical security - authentication & encryption used to control access to data.

HIPAA Transactions and Code Set Rule (TCS)

The HIPPA Transaction and Code Set Standard addresses the use of predefined transaction standards and code sets for communications and transactions in the health-care industry. Standards 5010 and ICT-10 are addressed here.


HIPPA Unique Identifiers Rule

As part of HIPAA Administrative Simplification regulation, three unique identifiers are used for covered entities in HIPAA transactions. The use of these unique identifiers will promote standardization, efficiency and consistency.


HIPPA Enforcement Rule

The HIPAA Enforcment Rule stems the HITECH Act. The HITECH Act substantially expands the scope of the HIPAA Privacy and Security Rules and increases the reach and penalties for HIPAA violations.