About HIPAA (Medical Privacy)

The Health Insurance Portability and Accountability Act (HIPAA) took effect on April 14, 2003 and is identified as Public Law 104-91. HIPAA establishes privacy standards to protect patient information. These standards are found in the HIPAA Privacy Rule and apply to health plans, clearinghouses and providers who transmit and store medical information electronically.

Developed by the Department of Health and Human Services (HHS), HIPAA represents a uniform, Federal floor of privacy protections for consumers across the country. These standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. State laws providing additional protections to consumers are not diminished by this new rule. In general, the law that provides the greatest protection to patients is the one that prevails, though there are times when all Federal and State laws can be in effect simultaneously.

HIPAA ensures that the health care industry speaks one common language when transmitting health plan enrollment, eligibility requests, authorizations to render health care, claim submissions, remittance advices, and status of claim payment requests and responses. These standards are found in the HIPAA Transaction and Code Set Rule.

The HIPAA Privacy Rule covers all forms of protected health information, including paper records, verbal communications, and electronic transmissions. The HIPAA Security Rule, implemented in April 2005, covers electronic protected health information. The Security Rule requires entities covered under the Privacy Rule to assess, mitigate, and manage the security of electronic protected health information that they receive, create, or maintain.

Due to its organizational structure, the County of Orange has been identified as a hybrid entity under HIPAA. As a hybrid entity, the County must identify the programs within the County's Agencies/Departments that deal with protected health information and designate them as health care components. These designated components are mandated to comply with HIPAA regulations.

HIPAA regulations require covered entities to assign a Privacy Officer and a Security Officer to create and implement policies and procedures necessary to comply with HIPAA and to receive privacy-related complaints. If you have questions regarding HIPAA, you may contact the HCA HIPAA Coordinator.

For more about HIPAA, see the California Office of Health Information Integrity or the CMS HIPAA Site.