
Health Insurance Portability and Accountability Act (HIPAA)


The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established two sets of national standards: the HIPAA Privacy Rule, to protect the privacy and security of health information, and the HIPAA Security Rule, to protect health information that is stored and transmitted electronically.

HIPAA Privacy Rule


The HIPAA Privacy Rule was established to protect the privacy and confidentiality of health information. The Privacy Rule requires covered entities (e.g., health care providers, health plans, health care clearinghouses) to receive authorization from an individual before using or making disclosures to others about protected health information (PHI).

Authorization is generally not required if disclosure of PHI is for purposes related to treatment, payment, or health care operations.

DHSS has created HIPAA-compliant authorization forms for use by DHSS agencies to ensure that any use or disclosure of PHI is completed in compliance with HIPAA.

HIPAA Privacy Rule Resources for Individuals
HIPAA Privacy Rule Resources for Health Care Professionals

HIPAA Security Rule 


HIPAA also established national standards, known as the HIPAA Security Rule, which adopted national coding standards and safeguards to protect health information that is stored or transferred in electronic form. The primary goal of the HIPAA Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt and use new technologies to improve the quality and efficiency of patient care.

For more information about the HIPAA Security Rule, visit the U.S. Department of Health and Human Services’ Summary of the HIPAA Security Rule.
 
HIPAA Security Rule Resources for Health Care Professionals