Frequently Asked Questions (FAQ)

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by the U.S. Congress in 1996. HIPAA provides national standards to protect the privacy of personal health information. This act also requires employers to provide a Certificate of Creditable Coverage for employees and dependents who lose health insurance coverage. The Certificate of Creditable Coverage can reduce the period of any limitation or exclusion for a pre-existing health condition an employee who has lost health coverage or if a dependent seeks to enroll in another health plan. A Certificate of Creditable Coverage is automatically sent to an employee or dependent after a job termination.

Who must comply with HIPAA?

Any healthcare organization, healthcare provider, clearinghouse, or payer that electronically processes medical-related data must be in compliance. Additionally, healthcare organizations that electronically store or transmit medical information whose usage can be traced to a specific person must comply with HIPAA’s security regulations.
Other organizations that do business with these entities and use protected health information in the course of their business are also affected.

What are the penalties for non-compliance?

A person who knowingly violates the provisions of HIPAA may be subject to a fine of $50,000 and / or 1 year in prison for each offense. If the offense was committed under false pretenses then the fine may be raised to $100,000 and the prison term may be increased to 5 years in prison. Finally, for the most heinous HIPAA violations where the offense was committed with the intent to sell, financially benefit or maliciously use someone’s personally identifiable medical information the fine can be raised to $250,000 and the prison term may be increased to 10 years in prison. Smaller civil fines of around $100 per violation may also be imposed.

Applications