The Health Insurance Portability and Accountability Act (HIPAA) took effect on April 14, 2003 and is identified as Public Law 104-91. HIPAA establishes privacy standards to protect patient information. These standards are found in the HIPAA Privacy Rule (PDF file) and apply to health plans, clearinghouses and providers who transmit and store medical information electronically.
Developed by the Department of Health and Human Services (HHS), HIPAA represents a uniform, Federal floor of privacy protections for consumers across the country. These standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. State laws providing additional protections to consumers are not diminished by this new rule; in general, the law that provides the greatest protection to patients is the one that prevails, or there are times when all Federal and State laws can be in effect simultaneously.
HIPAA ensures that the health care industry speaks one common language when transmitting health plan enrollment, eligibility requests, authorizations to render health care, claim submissions, remittance advices, and status of claim payment requests and responses. These standards are found in the HIPAA Transaction and Code Set Rule.
The HIPAA Privacy Rule covers all forms of protected health information, including paper records, verbal communications, and electronic transmissions. The HIPAA Security Rule (PDF file), implemented in April 2005, covers electronic protected health information. The Security Rule requires entities covered under the Privacy Rule to assess, mitigate, and manage the security of electronic protected health information that they receive, create, or maintain.
Due to its organizational structure, the County of Orange has been identified as a hybrid entity under HIPAA. As a hybrid entity, the County must identify the programs within the County's Agencies/Departments that deal with protected health information and designate them as health care components. These designated components are mandated to comply with HIPAA regulations.