1. HIPAA – Application and Benefit
PPT Submitted to
BENGAL SCHOOL OF TECHNOLOGY
Submitted By
NAME: SUSMITA GHOSH
COURSE: M.PHARM.
YEAR/SEMESTER: 1st YEAR / 1st SEM.
ROLL NO: 19320323014
SUBJECT: REGULATORY AFFAIRS
SUBJECT CODE: MPT 1064
2. INTRODUCTION
The healthcare information of every patient is sensitive. A patient's health details often contain their family
medical history and financial information, making it all the more crucial to secure and safeguard it. This is
why the Health Insurance Portability and Accountability Act (HIPAA) was introduced.
The first part is the "Health Insurance Portability" part of the Act.
• To ensure that individuals would be able to maintain their health insurance between jobs.
The second part of the Act is the "Accountability" portion.
• To ensure the security and confidentiality of patient information/data and to mandate uniform standards
for electronic data transmission of administrative and financial data relating to patient health
information.
3. HIPAA (Health Insurance Portability and Accountability Act)
HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law passed by the
Department of Health & Human Services in 1996. It is aimed at protecting the personal data of patients from
public access. Mandatory compliance with HIPAA helps prevent the misuse of this information.
OBJECTIVES OF HIPAA
The critical goals and objectives around which HIPAA revolves are as follows:
• Privacy of health information
• Security of electronic records
• Administrative simplification
• Insurance portability
• To make it easier for people to keep health insurance.
• To help the healthcare industry control administrative costs.
4. TITLES OF HIPAA
HIPAA is divided into the following five titles:
Title I: HIPAA Health Insurance Reform: Health insurance coverage is protected under Title I for people who lose or
change jobs. It also forbids corporate health plans from denying coverage to those with certain diseases or pre-existing
conditions.
Title II: HIPAA Administrative Simplification: The bill instructs the US Department of Health and Human Services to
develop national standards for the processing of electronic healthcare transactions. It also mandates that healthcare
organizations implement secure electronic access to health data and adhere to HHS privacy laws.
Title III: HIPAA Tax-Related Health Provisions: Contains tax-related provisions as well as medical-care guidelines.
Title IV: Application and Enforcement of Group Health Plan Requirements: Defines health-care reform in further
detail, including provisions for people with pre-existing diseases and those who want to keep their current coverage.
Title V: Revenue Offsets: Covers things like company-owned life insurance and how people who lose their US
citizenship are taxed.
5. ELEMENTS OF HIPAA
PRIVACY RULE
• This rule protects the privacy of the personal health information of an individual.
• It sets limits and conditions on the further uses and disclosures of such information without the patient's authorization.
SECURITY RULE
• According to this, appropriate administrative, physical, and technical measures should be adopted to ensure the confidentiality, integrity, and security of the patient's health information.
• Policies and procedures to ensure the health organization's compliance with HIPAA.
6. Protected Health Information (PHI) under HIPAA
Under the HIPAA act, PHI is considered any individually identifiable health information related to the past,
present or future physical or mental condition of an individual.
It can also include demographic information that links directly to such health information.
This means that any data collected by a doctor, hospital, clinic, pharmacist, and health plan falls under the
protection of HIPAA.
PHI maintained or transmitted in electronic form (i.e., PHI that is saved in a Word document or sent via email)
is referred to as electronic PHI or ePHI.
7. IMPORTANCE OF HIPAA
1. Improved standardization:
Universal code sets and identifiers make transferring information between healthcare providers simpler and
more secure.
2. Stronger data security:
Administrative, physical, and technical safeguards protect sensitive information, from names and addresses
to social security numbers.
3. Better access control:
Patient access requests must be honored within 30 days, allowing new providers to access medical histories
and provide better care.
4. Greater accountability:
Covered entities that fail to protect PHI are subject to strict fines and, in some cases, criminal penalties.
8. HIPAA Compliance
HIPAA laws are a series of federal regulatory standards outlining the lawful use and disclosure of protected
health information in the United States. HIPAA compliance is regulated by the Department of Health and
Human Services (HHS) and enforced by the Office for Civil Rights (OCR).
HIPAA compliance is a living culture that healthcare organisations must implement within their business to
protect the privacy, security, and integrity of protected health information. In addition to ensuring that sensitive
patient information is protected and secured, HIPAA compliance is critical for healthcare organisations to avoid
legal and financial penalties.
9. HIPAA - Compliant
Understanding which entities must comply with these regulations is crucial for maintaining data privacy and
avoiding potential penalties. In general, there are two main categories of organisations that must be HIPAA-
compliant:
• Covered Entities.
• Business Associates.
1. Covered Entities
Covered entities (CEs) are those directly involved in providing or administering healthcare services. They include:
• Medical practitioners, such as physicians, dentists, pharmacists, and nurses; hospitals; clinics; nursing homes; and
other healthcare providers delivering or administering medical care.
• Health plans: These organisations offer health insurance coverage, such as HMOs (health maintenance organisations),
PPOs (preferred provider organisations), Medicare/Medicaid programmes, employer-sponsored health plans, and others.
• Healthcare clearinghouses: These businesses process nonstandard PHI into a standard format for electronic
transmission between covered entities.
10. 2. Business Associates
Business associates (BAs) are third-party service providers who access PHI while performing services on behalf of
covered entities.
Business Associate Agreement
A Business Associate Agreement is a legal and binding contract between a business associate and another
entity or person. The agreement clearly states what PHI is to be shared, how it will be used by the receiving
party, and when/how it may be terminated.
11. CONCLUSION
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was
enacted on August 21, 1996. Sections 261 through 264 of HIPAA require the Secretary of HHS to publicize
standards for the electronic exchange, privacy and security of health information.
ACKNOWLEDGEMENT
I would like to express my special thanks and gratitude to my respected teachers Dr. Debasish Bhattacharjee, Mrs.
Dishari Dutta and Mr. Utpal Mishra, for giving me the golden opportunity to do this report.