The Health Insurance Portability and Accountability Act (HIPAA) is a federal law passed by Congress to address many healthcare issues. However, when people refer to “HIPAA” these days, they’re often talking about a subsection under Accountability titled, Administrative Simplification. Its objectives are: improve healthcare delivery, reduce administrative costs, and protect the security and privacy of certain personal health information. To achieve these objectives, the Department of Health and Human Services (HHS) issued rules that establish standards how certain health information will be used and protected.


HIPAA’s Privacy Rule establishes patient privacy rights and privacy controls through standards about how to use and protect patient information. These requirements must met by April 14, 2003. Although patient privacy has been one our long-standing operational guidelines, we did enhance our on-going staff training, policies, procedures, information system applications and more to enhance privacy and comply with the standards. See our Notice of Privacy Practices or contact our Facility Privacy Official for more information about your rights and our privacy procedures.


HIPAA’s Security Rule establishes standards to protect not only the confidentiality of Protected Health Information, but also the availability and integrity of the information. The security standards complement the privacy standards. All security requirements and standards must be in place by April 2005. We have already satisfied many of the requirements and will meet others before the deadline. Also, our technical and administrative security processes will continue to be enhanced on an on-going basis.

Electronic Transactions and Code Sets

HIPAA’s Electronic Transactions Rule establishes standardized transaction content, formats, diagnostic and procedure codes for eight transaction types (e.g. health care claim) and six medical code sets (e.g. ICD-9-CM). The compliance deadline is October 2003. As of April 2003, we have changed some information system applications or processes to meet the standards, and we have started testing with clearinghouses and payors to confirm processing is working correctly before the October deadline.

Why We Have HIPAA

The U.S. needs to continue to improve healthcare but cut costs at the same time. Americans spent $1.3 trillion on healthcare in 2000. That was 14.3 cents of every dollar of our Gross Domestic Product, and the percentage is growing. Healthcare is our economy’s largest industry, yet it also has the highest administrative costs largely due to redundancies and lack of standards. For example, before HIPAA there were over 400 so-called “standards” for a health claim. HIPAA takes that to a single, money-saving standard.

The U.S. needs to improve the way we protect confidential patient information. Privacy, security and trust have always been important in the relationship between a patient and the healthcare system. However, there has not always been a consistent approach or safeguards to ensure this protection. This is especially true when this confidential patient information is in electronic format. HIPAA enables consistent and strong protection.

HIPAA Makes Sense

HIPAA is more than just about compliance with a law. It also makes good business sense. The standards and consistent approach will help the healthcare industry and our facility improve patient care and protect patient rights. And that’s the point. It’s the right thing to do. Protecting privacy and security gives our patients peace of mind, an important component of high quality patient care.