Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress on August 21, 1996. Organizations must become compliant by April 14, 2003 (April 14, 2004 for small health plans). The law requires any health care provider to meet certain privacy standards with respect to personal health information. The Act specifically states that "a covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information." The protection given must cover both intentional and unintentional disclosures of personal health information.

HIPAA applies to the following: a health plan, which is defined as an individual plan or group health plan that provides, or pays the cost of, medical care; a health care provider, which is defined as a provider of medical or health services and any person or organization who furnishes, bills, or is paid for health care services or supplies in the normal course of business; or a health care clearinghouse, which is considered to be a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements.