The Health Insurance Portability and Accountability Act (HIPAA) is a US statute enacted in 1996. The stated purpose of the act is to:

“improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.”

The act contains five titles, with most of the rules applicable to PACS contained Title II (Preventing health care fraud and abuse; administrative simplification; medical liability reform). Rules in Title II include provisions for identifiers, transactions and code sets, privacy, and security.

While the main focus of HIPAA regulation was to simplify and standardize information exchange between insurance companies and providers, the stipulation that medical information must be exchanged in a manner that protects patient privacy has become the best-known part of the act.

HIPAA mandates that all patient information in a healthcare organization is to be secure, whether it is transmitted electronically or in written format. When implementing HIPAA, individual security requirements are divided into three categories: administrative safeguards, physical safeguards and technical safeguards.

As a United States statute, HIPAA applies to US healthcare institutions, and to US health care practitioners, and to any vendors that provide healthcare-related products and services to the US. Other countries similar regulations in place and/or are using the US HIPAA regulation as a guideline to determine privacy and security measures for medical information.

The HIPAA home page is: http://www.hhs.gov/ocr/hipaa/

A well-formatted copy of the HIPAA statute is posted at: http://hippo.findlaw.com/hipaa.html#Anchor2