The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects the privacy of personal health records by requiring that the security and confidentiality of health care information be safeguarded.
HIPAA also aims to improve the efficiency of health care information delivery by standardizing electronic data interchange while protecting the confidentiality and security of health data. Almost all healthcare organizations, public health authorities, clearinghouses, self-insured businesses, health providers, life insurers, service organizations and universities are bound by HIPAA. They are required to securely protect all protected health information (PHI) involved in electronic health transactions.
Penalties include civil fines of up to $25,000 for multiple violations of the same standard in a calendar year, and criminal fines of up to $250,000 and/or imprisonment of up to 10 years for knowingly obtaining or disclosing individually identifiable health information with intent to sell it or use it for commercial advantage, personal gain or malicious harm. These are the original statutory amounts; the HITECH Act of 2009 raised the civil penalty tiers substantially. The set of national standards took effect in 2003 and requires health plans, doctors, hospitals and other health care providers to protect the privacy and security of patients' medical information and to use a standard format when submitting electronic transactions.