HIPAA 101: What does HIPAA stand for?

Let’s begin with the question: what does HIPAA stand for? In full, HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, or the HIPAA Act for short. It’s a US privacy law that protects medical information such as patient records and allows for confidential communication between patients and medical professionals.

The HIPAA Act was enacted August 21, 1996 by the 104th US Congress and signed by President Bill Clinton. The long title for the HIPAA Act specifies, “An Act To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes”.

The HIPAA Act is also known as the Kennedy-Kassebaum Act since it was initially introduced in Congress as the Kennedy-Kassebaum Bill. Democratic Senator Edward Kennedy and Republican Senator Nancy Kassebaum were two of the leading sponsors of the bipartisan bill. HIPAA had two main objectives as specified by Title I and Title II of the act.

What does HIPAA mean in daily practice?

So now we know what the HIPAA acronym stands for, but let’s see what HIPAA stands for in actual usage, to answer the question “What does HIPAA mean in daily practice?”

Title I – Health Care Access, Portability, and Renewability

Title I protects health insurance coverage for workers and their families when they change or lose their jobs.

Title II – Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform

Title II provisions require the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The provisions also address the security and privacy of health data. The HIPAA Administrative Simplification provisions require the Department of Health and Human Services (DHHS) to adopt national standards for unique health identifiers, security, electronic health care transactions and code sets. Medical Liability Reform provides for civil penalties to be assessed against health providers who fail to comply with the law.

HIPAA Rights of Privacy
HIPAA regulations provide rights of privacy for individuals, including those individuals aged 12 to 18. Under HIPAA regulations, health providers must have a signed disclosure from individuals before releasing any information related to their health care to anyone, including their parents. HIPAA applies to all health plans, healthcare clearinghouses, and healthcare providers that electronically transmit health information in connection with standard transactions. Standards for transactions are as defined under HIPAA by the Electronic Data Interchange (EDI) of administrative and financial healthcare transactions.

HIPAA laws specify that health providers must take responsibility for the authorized disclosure of Protected Health Information (PHI), but they do not specify that notice of a breach of such information be provided to the individuals whose information was breached. To ensure that individuals are notified of security breaches of PHI, the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted in February 2009. HITECH was enacted as part of the 2009 American Recovery and Reinvestment Act (ARRA) to significantly change HIPAA Administrative Simplification provisions. Under HIPAA HITECH regulations, breaches must not only be disclosed to individuals, but when the information of 500 or more individuals is breached, notice must also be sent to the DHHS and the media. In addition, HITECH increases the civil penalties for non-compliance and provides for more enforcement.


The 1996 Health Insurance Portability and Accountability Act (HIPAA) was an attempt to reform health care and to balance the rights of individuals against the responsibility of healthcare providers. HIPAA incorporates a HIPAA Privacy Rule that protects the health information of individuals held by health plans, health care providers, state Medicaid agencies, health care clearinghouses and their business associates. HIPAA also incorporates a HIPAA Security Rule that establishes standards and safeguards that must be put in place to assure the integrity, confidentiality, and availability of electronic Protected Health Information (ePHI), covering both access to stored information and the interception of transmitted information. The Department of Health and Human Services (DHHS) Office of Civil Rights has the responsibility for enforcing the HIPAA Privacy Rule and the HIPAA Security Rule. Through audits and investigations, the DHHS found that many healthcare providers willfully neglected to follow the rules established by HIPAA or breached the Protected Health Information (PHI) that was held on individuals.

What does HITECH stand for?

HITECH stands for the Health Information Technology for Economic and Clinical Health Act (HITECH Act). It was signed into law as part of the 2009 economic stimulus bill, known as the American Recovery and Reinvestment Act (ARRA), to revise certain provisions of the HIPAA laws as they relate to privacy and security protections. HIPAA HITECH increases the scope of protections for individuals, increases penalties that may be levied against health providers for non-compliance and provides for more enforcement of established rules.

Scope of Protections
Under HIPAA regulations, individuals are granted specific rights with respect to the privacy of their identifiable health information, and HIPAA rules provide for the disclosure and sharing of that information with certain entities when they have a legitimate need to know. The HIPAA HITECH Act revises parts of the Social Security Act to expand upon the privacy and security protections granted to individuals under HIPAA. The HIPAA HITECH Act specifies that health care providers must implement a system of Electronic Health Records (EHRs), and the act provides for monetary incentives to those healthcare providers who are able to show “meaningful use” of their established EHRs until the year 2015. After 2015, healthcare providers will be penalized for failing to show such use of their EHRs. HITECH also specifies that individuals, or specified third parties, be entitled to an electronic copy of all ePHI that pertains to them.

HIPAA set guidelines for the disclosure of Protected Health Information (PHI), but it did not require disclosure to individuals when their personally identifiable information was breached. HITECH regulations require that notice of breaches of health information be provided to impacted individuals via first class mail, with an explanation of the breach and an indication of the processes being put into place to resolve the breach. If a breach impacts 500 or more individuals, healthcare providers must notify those individuals and also the DHHS, the media and the State Privacy Officer.

Increased Penalties
HIPAA HITECH establishes four categories of violations, associated penalties and maximum penalty amounts for violations of the law. The HITECH Act imposes penalties against health providers even in cases where they did not know or would not have known of a violation, and exempts them from penalties if a violation was not a result of willful neglect and it was corrected within 30 days.

Conclusion & Further reading

So to answer the question “What does HIPAA stand for?”, we can safely say HIPAA stands for two different purposes. First, there are rules and regulations to enforce privacy and security rules on companies and individuals working in healthcare. But it also opened the door for a whole range of companies offering HIPAA certified products and services to assist healthcare professionals in abiding by the HIPAA laws. These companies have developed software and services to assist in handling healthcare data.

HIPAA Acronym

Various people come to this page looking for answers on “What does HIPPA stand for”, “HIPPA stands for” or “What does HIPPA mean?”. Thousands of people are searching for HIPPA compliance, HIPPA laws, HIPPA training, HIPPA certification or even HIPAA acronym. In fact, almost 1/3 of the people looking for information about the HIPAA acronym spell it as “HIPPA”. So to make sure everyone is on the right page, the correct HIPAA acronym is:

HIPAA: “The Health Insurance Portability and Accountability Act of 1996”.