The Administrative Simplification or Title II of HIPAA sets a national standard to:
Protect the privacy of an individual's health care information in any format. This includes oral, physical, and electronic media.
Ensure the security of an individual's health care information that is maintained or transmitted electronically when created, used and disposed.
Standardize the transaction and code sets to exchange information within the health care industry to improve efficiency. To effectively implement these requirements three rules were created.
All covered entities that create or receive health information related to the past, present, and future medical condition of an individual as well as all fiscal transactions relating to the delivery of health care services are required to follow the privacy rule. The rule covers the use and disclosure of health information about an individual in any format. This includes oral communication, paper records, and electronic media. All covered entities were required to implement the required standards of this rule by April 14, 2003
This rule applies to all covered entities and standardizes the transactions and code sets for electronic transfer of information. It also indicates the oversight bodies responsible for maintaining these sets. All covered entities were required to implement the required standards of this rule by October 16, 2003
Any electronic protected health information, (ePHI), that is received, created, maintained or transmitted by a covered entity is covered must be protected under the security rules. It stipulates the requirements necessary to secure health care information in electronic format on any media. All covered entities were required to implement the required standards of this rule by April 21, 2005 with the exception of small covered entities. Small covered entities have until April 21, 2006 to complete their implementation procedures. A small covered entity is one with annual receipts less than five million dollars. This step by step guide will assist you and your organization in implementing this rule. It will compliment the security requirements in the privacy rule and show you how the two rules work together.