In 1996, Congress passed the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA. HIPAA’s stated purpose was to provide Americans with privacy measures designed to protect personal healthcare-related information. Yet soon after it became law, critics argued that HIPAA “lacked teeth”, noting that the only remedy for violations of the law was to report the wrongdoer to the Department of Health and Human Services.
Congress strengthened HIPAA in 2009 when it passed the Health Information Technology for Economic Clinical Health Act (“HITECH”). Under HITECH, entities subject to HIPAA are now required to maintain specific physical, administrative, and digital protection procedures. HIPAA now imposed many other requirements for those affected by the law, such as requiring breaches of patient information be reported to affected parties in a timely manner. Further, the law substantially increased the fines that HIPAA-covered entities must pay for violations.
It is imperative that accountants and financial professionals familiarize themselves with HIPAA’s requirements. Under HITECH, businesses must comply with HIPAA’s data privacy guidelines if they work with HIPAA-covered businesses; that is, any business in the healthcare industry. Professionals who are not familiar with HIPAA fundamentals run the risk of subjecting themselves and their company to civil liability and severe penalties.
Anyone in the accounting or financial services profession who seeks to understand HIPAA and how it impacts their practice. Also, accounting and financial professionals who counsel individuals or business owners that are considered HIPAA-covered businesses
General familiarity with the accounting and business principles