HIPAA, the Health Insurance Portability and Accountability Act, was signed into law in 1996. Its primary purpose is to provide continuous insurance coverage for workers who change jobs so that health insurance is "portable" from one employer to the next.

Protected Health Information

The following 18 items have been identified as Protected Health Information:
  1. Names
  2. All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes
  3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death
  4. Telephone numbers
  5. Fax numbers
  6. Electronic mail addresses
  7. Social security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. Web Universal Resource Locators (URLs)
  15. Internet Protocol (IP) address numbers
  16. Biometric identifiers, including finger and voice prints
  17. Full face photographic images and any comparable images
  18. Any unique identifying number, characteristic, or code.
Click here to learn more.

HIPAA Basics (effective April 14, 2003)

Transactions and Code Sets
This Rule creates standards involving the electronic transmission of health information and data and the codes that must be utilized to report healthcare services and goods to health plans, clearinghouses and providers. Click here to learn more.

This Rule creates national standards to protect individuals' personal health information and gives patients increased access to and control over their medical records. It also defines how their information can be used for marketing and research purposes. Click here to learn more.

Click here to learn more.

Employer Identifier
This Rule mandates that the Employer Identification Number (EIN) provided to employers by the Internal Revenue Service be utilized as the Employer Identifier when electronically submitting claims to insurers. Click here to learn more.

Provider Identifier
This Rule, which goes into effect on May 27, 2007, mandates the use of the National Provider Identifier when submitting claims to all insurers, including, but not limited to, Medicare and Medicaid. Every provider and facility needs its own, unique identifier. Click here to learn more. Audiologists can apply for a National Provider Identifier (NPI) or see a NPI Registry; click here.


Effective April 20, 2005

This Rule creates standards to protect the confidentiality and integrity of electronically maintained and submitted identifiable health information. Click here to learn more about the specifics of the Security Rule.


Effective February 17, 2010

The Administrative Simplification rules were established to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in health care, resulting in reduced costs. The rules also protect and secure an individual’s identifiable personal and health related information.

Following the requirements of the Administrative Simplification Compliance Act, the United States Department of Health and Human Services established national standards in three areas: Privacy, Security and Electronic Data Interchange. In late 2008, the Office of Civil Rights (OCR) provided additional guidance on the Electronic Exchange of Protected Health Information and HIPAA.

The American Recovery and Reinvestment Act of 2009 (ARRA) added provisions, known as Health Information Technology for Economic and Clinical Health (HITECH) Act. These provisions affect security and breach notification, specifically as it pertains to Business Associates, the use and disclosure of protected health information for marketing and fundraising purposes, the sale of protected health information and electronic medical records. It is important to familiarize yourselves with HITECH and make the appropriate modifications to the office Privacy, Security and Business Associate policies and documents to reflect these changes. HITECH’s implementation date was February 17, 2010. Click here to learn more.

HIPAA Omnibus 2013

Efective September 23, 2013 The US Department of Health and Human Services (HHS) recently announced new changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that can have a significant effect on audiology practices and the way they handle, manage and disclose a patient’s protected health information (PHI), business associates and an audiologists’ responsibilities related to their management of the PHI they are provided by your practice, and marketing. It also has strengthened enforcement and fines for non-compliance. The new rules take effect on March 26, 2013 and providers and business associates are required to comply with the applicable requirements by September 23, 2013.Click here to learn more.

Available Resources: