HIPAA Privacy, Security, Breach Notification, and Other Administrative Simplification Rules


This practice note discusses rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) impacting employers and the group health plans they sponsor. In particular, it covers HIPAA's (1) Privacy Rule and Security Rule, which are designed to ensure the confidentiality and integrity of, respectively, protected health information (PHI) and electronic PHI (ePHI); (2) Breach Notification Rule, which deals with breaches of PHI; and (3) Transactions Rule, which standardizes certain electronic transactions that involve health care data.