Privacy Office

The Health Insurance Portability and Accountability Act of 1996, also known as “HIPAA,” is the most significant development in U.S. health care in recent history.

Enacted by Congress on August 21, 1996, HIPAA’s initial purpose was to ensure and improve the continuity of health insurance coverage for workers changing jobs. To facilitate this objective, however, HIPAA included “Administrative Simplification” provisions that mandated the Department of Health and Human Services (HHS) to adopt national standards for the transmission and protection of health information. The resulting national standards are far-reaching in scope, causing HIPAA to affect nearly every aspect of the U.S. health care system.

In response to the HIPAA mandate, HHS adopted and published the following national standards for the transmission and protection of health information. These HIPAA standards are applicable to all health plans, health care clearinghouses, and health care providers, which the HIPAA statute defines as covered entities.

HHS HIPAA Administrative Simplification

National Provider Identifier (NPI)

Effective Date: 5/23/2005

Establishes national standards for a single and unique identifier for all health care providers. When implemented, all providers will use the NPI for all health care transactions. The NPI facilitates the effective and efficient coordination of benefits between covered entities.

Security

Effective Date: 4/21/2003

Establishes national standards for the security of electronic health information. Outlines administrative, technical and physical security procedures for covered entities to ensure the confidentiality, integrity and availability of electronic protected health information.

Privacy

Effective Date: 4/14/2001

Establishes national privacy protection standards for health information, in all forms, created or maintained by covered entities (health plans, health care clearinghouses, and health care providers).

Transactions & Code Sets

Effective Date: 10/16/2000

Establishes national standards for the electronic transfer of information within the health care system. Allows covered entities to exchange electronic medical, billing, benefits, claims and other information in a standard format that is both fast and cost-effective. Health organizations must adopt standard code sets to be used in health transactions. Coding systems that describe diseases, injuries, and other health problems, as well as their causes, symptoms, and actions taken, must become uniform.


As part of the American Recovery and Reinvestment Act of 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law in order to promote the adoption and meaningful use of health information technology (HIT). By investing in HIT, the HITECH Act seeks to improve patient care and reduce health costs. It also includes incentive programs administered by the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator of Health Information Technology (ONC). The programs are available to eligible providers and eligible hospitals that “meaningfully use” certified electronic health record technology (CEHRT) and meet certain thresholds. The provider must also submit information on the quality of care to the Secretary of Health & Human Services (HHS).

Meaningful use is established when using CEHRT to:

  • Improve quality, safety and efficiency, and reduce health discrepancies
  • Engage patients and family
  • Improve public health and care coordination
  • Maintain the security and privacy of health information

Compliance with meaningful use will result in:

  • Better clinical outcomes
  • Improved population health outcomes
  • An increase in transparency and efficiency
  • Individuals being empowered
  • Better research data on health systems

Meaningful use criteria and objectives will evolve during a five-year span. Stage 1 includes data capture and sharing. Stage 2 will advance clinical processes. Stage 3 focuses on the improvement of outcomes.

The HITECH Act accomplishes four major goals through the use of HIT by:

  • Developing standards that allow nationwide electronic exchange and use of health information.
  • Investing in HIT infrastructure and in Medicare and Medicaid incentives in order to encourage doctors and hospitals to use HIT to electronically exchange patients’ health information.
  • Saving the government billions through improvements in quality of care and care coordination, and through reductions in medical errors and duplicate care.
  • Strengthening privacy and security law to protect identifiable health information.

The HITECH Act strengthens the enforcement of the HIPAA rules, addressing the concerns associated with the electronic transmission of health information through:

  • Requiring breach notifications for individuals if an unauthorized disclosure or use of their health information occurs.
  • Making entities that do work on behalf of providers and insurers subject to the same privacy and security rules as the providers and health insurers themselves.
  • Allowing patients to request disclosures of their health information.
  • Requiring patients to grant authorization in order for their health information to be used in marketing and fundraising activities.
  • Increasing penalties for privacy and security law violations and providing more resources for enforcement and oversight activities.

Sources - HITECH Enforcement
CMS - Promoting Interoperability Programs
Health IT - Meaningful Use