The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes seven distinct sets of rules that will affect medical practice. The Department of Health and Human Services (DHHS) issues these in the form of the "Notice of Proposed Rule Making" (NPRM). The notice states that every practice, regardless of size, must comply with HIPAA privacy, security and transactional regulations. What's more, all subsequent regulations must also be adhered to.
As its title suggests, HIPAA was signed into law in 1996. But as of 2002, only the portability aspect of the bill (which protects people with current or pre-existing medical conditions when they apply for health insurance) has been fully implemented. Now, the accountability aspects of the law are beginning to be properly addressed.
Taken as a group of regulations, the HIPAA standards require major changes to how healthcare organizations handle information management, including coding, security, patient record management, reimbursement and care management.
Its provisions include stringent codes for uniform transfer of electronic data, including routine changes and billing. Also of note are new patient rights regarding their personal health information, including the right to access this information and to limit its disclosure.
There are also specific procedural, physical and technological security protections that all healthcare organizations, including physician practices and clinics, must implement to ensure their patients have the required confidentiality with regard to their medical information.