What Does HIPAA Stand For?


MedPro Disposal provides HIPAA compliance training. As such, we’re always interested in digging into HIPAA and other healthcare regulations to ensure a higher level of understanding. The post below answers the question, “What does HIPAA stand for?” It also delves into other common questions, provides a tight HIPAA summary, and looks at related concerns like HITECH and PHI.

What does HIPAA stand for?

You’ve come to the right place.

“HIPAA” stands for:

  • Health: HIPAA is concerned with protecting health information.
  • Information: This means any personal, private info collected, stored, or transmitted by healthcare businesses.
  • Portability: HIPAA ensures that insurers and employers make it easier for employees to take health coverage from one job to another.
  • Accountability: The “accountability” part of the act means healthcare businesses are held accountable for breaches they create.
  • Act: The word “act” is used because HIPAA started as an “Act of Congress.” Once Congress passed the act, it became law.


HIPAA Summary

One question that goes with “What does HIPAA stand for?” is:

“What’s a good summary of HIPAA?”

Here’s a quick HIPAA summary to get you up to speed fast:

HIPAA is made up of five “titles.” Title I makes it easier for employees to get and keep health coverage, even when changing jobs. It’s the “portability” part of the law. Title II protects the privacy of identifiable patient information. This is the part of HIPAA that healthcare facilities worry most about.

Titles III-V contain regulatory details for taxes, revenue offsets, and Group Health Insurance.


HIPAA Questions

What is the HIPAA law?

The answer to this question is almost identical to “What does HIPAA stand for?” Namely, it’s the Health Insurance Portability and Accountability Act. It protects patient information and makes it easier to switch insurance plans without a gap in coverage.

What is the HIPAA Privacy Rule?

The Privacy Rule sets up standards that protect patient information in the healthcare world. It covers health plans, clearinghouses, and all other entities that handle health records.

When was HIPAA created?

The Health Insurance Portability and Accountability Act was created by the U.S. Congress in 1996. HIPAA was enacted to protect patient rights. It helps patients keep their own information private, and helps them transfer info from one health plan to the next.

What caused HIPAA to be created?

Before HIPAA, medical facilities could transfer a patient’s health info for almost any reason, even without permission. For example, if you applied for a home loan, the bank could get your medical records during the approval process. Also, employees moving to new jobs often sustained lapses in health insurance coverage that ended in financial ruin. So that’s why HIPAA was developed.

What Does HIPAA Do?

The answer to “What is the purpose of HIPAA” has four parts.

  • It stops the unscrupulous use of patient medical records by lenders and other institutions.
  • It holds healthcare companies accountable for breaches of that information.
  • HIPAA decreases coverage gaps when people move from one health plan to the next.
  • It cleans up a few other regulatory problems with U.S. healthcare.

Those four reasons are why HIPAA is important.

How does HIPAA impact the healthcare industry?

The law puts a lot of pressure on healthcare workers and organizations to protect private patient information, known as protected health information (PHI).

Who is responsible for implementing and monitoring the HIPAA regulations?

HIPAA was created by the U.S. Congress in 1996. Today, the privacy and security portions of the law are enforced by the Office for Civil Rights (OCR). The Centers for Medicare and Medicaid Services (CMS) handles issues with Code Sets and portability.

What information is protected by HIPAA?

PHI (Protected Health Information) is protected by HIPAA. It includes:

  • Physical or mental health of the patient, either past, present, or future.
  • Health care received by the patient.
  • Payment for the health care.
  • Any and all “individually identifiable health information.”
  • Any info about the patient, including name, address, social security number, or birth date.

Who is Mandated to Follow HIPAA Requirements?

Who must follow HIPAA? Anyone who handles patient health data is subject to the Privacy Rule. The list of people who must comply with the HIPAA Privacy Rule includes:

  • Health Care Providers. This includes any clinic, hospital, practice, lab, or other facility that handles Protected Health Information.
  • Health Plans. These can be group plans or individual plans, including Medicaid and Medicare.
  • Health Care Clearinghouses. These entities process health information, and as such they must obey the Privacy Rule.
  • Business Associates. Business Associates are generally subcontractors that handle PHI for healthcare organizations.

That’s the short list of who is required to follow HIPAA laws.

Who is not required to follow HIPAA laws?

Here’s who is not required to follow the Privacy Rule:

  • Employers
  • Life Insurers
  • Some Law Enforcement Agencies
  • Some Municipal Offices
  • Workers Compensation Carriers
  • Some Schools and/or School Districts
  • Some State Agencies

That’s the full list of who is not required to follow the law, or in other words, who doesn’t have to follow HIPAA.

What Does HITECH Stand For?

Why is HITECH in an article on “What does HIPAA stand for?”

HITECH goes along with HIPAA because it’s a law that promotes Health Information Technology.

HITECH stands for:

  • Health
  • Information
  • Technology
  • Economic
  • Clinical
  • Health Act

The HITECH law of 2009 aims to move the U.S. to Electronic Health Records (EHR). Like HIPAA, it includes Privacy and Security provisions to protect PHI in the digital world.

The most notable HITECH privacy rule requires that entities covered by HIPAA must report data breaches in a timely fashion.

What Does PHI Stand For in the Medical Field?

In HIPAA, PHI stands for Protected Health Information.

In healthcare, PHI stands for the protected health information of patients, including any identifiable data. That includes seemingly innocent info like name or address.

How is protected health information used in healthcare?

PHI is used in healthcare in many ways, including tracking a patient’s medical history, ordering lab work, billing, and submitting claims to insurance.

What is considered protected health information under HIPAA?

What information is protected by HIPAA? A good rule of thumb is, “anything that conveys any health information about the patient.” That includes any medical information, in whole or in part, that can be identified by a patient name, address, social security number, phone number, or other identifier.

What information is not protected under HIPAA?

The law doesn’t protect employment records held by employers, education records, or de-identified information (for example, health data from which the patient’s name, address, social security number, and other identifiers have been removed).

Summary of HIPAA Privacy Act

Here’s a quick Privacy Act summary. This is by no means a comprehensive summary:

The Privacy Act is the part of HIPAA that protects patient health information. That’s opposed to the portability section of the law, which concerns switching from one plan to another. It’s also different from the other regulatory parts that cover taxes and revenue offsets.

In a nutshell, the Privacy Act can be summarized as follows: Any health plan, healthcare provider, clearinghouse, or “business associate” that handles PHI must protect it from unauthorized access.

Summary of HIPAA Security Rule

Here’s a quick Security Rule Summary. For a full summary, see the HHS.gov website.

The Security Rule is part of the Privacy Act (see above). Under the Rule, health care providers, health plans, clearinghouses, and business associates must protect electronic PHI from unauthorized access.

What Are the Consequences if the HIPAA Privacy Rule is Violated?

HIPAA violations that break the Privacy Rule are policed by the Office for Civil Rights (OCR). Anyone can file a HIPAA violation complaint online with the OCR. OCR reviews each complaint carefully.

If a patient’s rights were violated and the complaint was made within 180 days, OCR will take action. If the investigation assigns guilt to an organization, the organization must take corrective action and agree to a settlement. If the entity doesn’t comply, OCR may impose civil penalties. The organization can then request a hearing to defend itself.


This article is a catch-all that answers the question “What does HIPAA stand for?” The answer is, “Health Insurance Portability and Accountability Act.” In short, HIPAA protects patient health info, but it also makes health insurance more “portable” from one plan to the next.

Some people find this article by searching for “What does HIPPA stand for,” but the term actually has only one “P” and two “A’s.”

Do you have questions about HIPAA or comments about any of the information in this post? Give us a shout in the comments section! We’d love to hear from you.



All info in this article is from HHS.gov
