WEST VIRGINIA STATE
GOVERNMENT
HIPAA PROJECT MANAGEMENT OFFICE
The Health Insurance Portability and Accountability Act of 1996
(HIPAA) was enacted August 21, 1996. Title I of the Act seeks to
protect individual rights to health insurance coverage during events
such as changing / losing one’s job, pregnancy, moving, divorce, etc.
HIPAA Title I additionally provides rights and protections for employers
when obtaining and renewing health coverage for their employees. Title
I has already been implemented. It is HIPAA Title II that this project
and charter addresses.
Title II of HIPAA includes the Administrative
Simplification Act, which requires improved efficiency in healthcare
delivery by standardizing electronic data interchange (EDI) and
mandating the protection of patient confidentiality (privacy) and the
security of health data through the setting and enforcing of standards.
HIPAA Title II requires:
- Standardization of electronic patient health, administrative, and
financial data
- Unique
identifiers for employers, health plans, and health care providers
- Standards
protecting the confidentiality (privacy) and integrity of “individually
identifiable health information”
All healthcare organizations are affected by HIPAA. This
includes health care providers regardless of size, health plans, public
health authorities, life insurers, clearinghouses, billing agencies,
information systems vendors, etc.
Sanctions for non-compliance with HIPAA can be both
civil and criminal. Fines range from $100 per violation up to $25,000
for multiple violations of the same standard in a calendar year.
Additionally, there are fines up to $250,000 and/or imprisonment of up
to 10 years for intentional misuse of individually identifiable health
information.
With the passage of the American Recovery and Reinvestment Act of
2009 penalties may range from $100 to $1,500,000. These penalties may be
assessed against individuals and HIPAA covered entities. Included in the
ARRA was a civil right of action not previously allowed.