The Health Insurance Portability and Accountability Act (HIPAA) was created primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information (PHI) maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and to address limitations on healthcare insurance coverage – such as portability and the coverage of individuals with pre-existing conditions.
HIPAA legislation has evolved significantly since its earliest incarnation. Not only has the language of the Act been modified to address advances in technology, but the scope of the Act has been extended to cover Business Associates – third party service providers that perform a function on behalf of a HIPAA-Covered Entity that involves the use or disclosure of Protected Health Information (PHI).
The HIPAA regulations are policed by the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR). State Attorneys General can also take action against Covered Entities and Business Associates found not to be in compliance with HIPAA. Both OCR and State Attorneys General have the authority to impose financial penalties on Covered Entities and Business Associates for violations of HIPAA.
If you have any questions or concerns please contact us via the "help button" in the bottom right hand corner of the screen or email us at firstname.lastname@example.org.
Source: HIPAA Guide