Five major components:



           –  HIPAA Title I, “Health care access, portability and renewability,” employers and health plans must allow
                a new employee’s medical insurance coverage to remain continuous without regard to pre-existing conditions.

           –  HIPAA Title II, Known as the Administrative Simplification (AS) provisions, requires the establishment
                of national standards for electronic health care transactions and national identifiers for providers,
                health insurance plans, and employers.


           –  HIPAA Title III, Introduces new tax rules related to healthcare treatment.

           –  HIPAA Title IV, Includes additional details on reform and insurance law with protections for those
                who have pre-existing conditions and individuals who want to maintain their insurance.

           –  HIPAA Title V, Gives guidelines for life insurance policies that are owned by businesses
                and how to handle income tax specifics when someone has their US citizenship revoked.



        The section of HIPAA for providers, processing, transferring and/or storing health data is Title II. This part of the law
        is often called “Administrative Simplification provisions.” This provision establishes and describes five elements:

           –  National Provider Identifier Standard
               10-digit NPI (national provider identifier) numbers must be assigned to all healthcare entities.
               Created to improve the efficiency and effectiveness of the electronic transmission of health information.
           –  Transactions and Code Sets Standards
                An objectively approved protocol must be used in electronic data interchange (EDI).
                This allows the electronic exchange of information from computer to computer without human involvement.
           –  HIPAA Privacy Rule
                Patient health information (PHI) must be protected.

           –  HIPAA Security Rule
                Rule delineates expectations for the safeguarding of patient data.

           –  HIPAA Enforcement Rule
                Subsection of the law provides parameters with which companies should be investigated
                for potential or alleged violations.



        A critical component that is an expectation set forth in the HIPAA Privacy Rule
        to ensure compliance is “minimum necessary” protection. “Minimum necessary” defined by HHS:

           –  “The Privacy Rule generally requires covered entities to take reasonable steps to limit the use or
                disclosure of, and requests for, protected health information to the minimum necessary to accomplish
                the intended purpose.”




        For more information: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html