HIPAA

The Health Insurance Portability and Accountability Act took effect on April 14, 2003. HIPAA is about the privacy of medical and health information. More specifically, how this information is processed, protected and handled by health plans, health care providers.

In March of 2013, the Security and Privacy standards were substantially modified by the adoption of final federal regulations. These regulations were enacted under authority of the American Recovery and Reinvestment Act of 2009, and are commonly known as the “ARRA/HITECH” rules (ARRA/Health Information Technology for Economic and Clinical Health). The subsequent rules were adopted to strengthen the privacy and security protection for individuals’ health information; modify the rule for privacy breach notification for Unsecured Protected Health Information (Breach Notification Rule) under HITECH; and modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic

Information Nondiscrimination Act of 2008 (GINA). The ARRA/HITECH final rules can be found at http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf.