THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
The HIPAA Privacy Rule
The HIPAA Privacy Rule, which became effective April 14, 2003, and the HIPAA Security Rule, which required full compliance by April 21, 2005, are federal law. Anyone not in compliance can face up to $250,000 in fines and up to 10 years of jail time.
The HIPAA Privacy Rule applies to protected health information (PHI) in all forms (oral, written, and electronic), as well as to the use and disclosure of an individual's health information. Its purpose is to ensure that an individual's health information is properly protected and that individuals understand and control how their health information is used.
The HIPAA Security Rule
The HIPAA Security Rule applies to PHI only in electronic form - essentially, patients' medical records and other personal health care information. It mandates that electronically stored or transmitted personal health information be kept confidential and protected against unauthorized users and any threats to its security or integrity. The rule is intended to set a minimum level, or floor, of security. Some businesses may find that their business strategies require stronger protections.