
HIPAA: Health Insurance Portability and Accountability Act



The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. It is the first federal law covering the privacy of health information. Though it establishes a minimum national standard, states may have more restrictive laws. HIPAA can be broken down into four main components:

  • The first component of the law provides for continuity of health care coverage, limits exclusions for pre-existing conditions, and prohibits discrimination based on health status.
  • The second component of the law deals with standardizing formats, codes and IDs in the health industry.
  • The third and fourth components of HIPAA require privacy and security protections of your protected health information (PHI).

The HIPAA privacy rules apply to health care providers, health plans, and health care clearinghouses, which the rules define as "Covered Entities." Any information, whether spoken or recorded, related to the past, present or future physical or mental health of an individual is called "Protected Health Information," or PHI. The HIPAA privacy rules outline how PHI can be used or disclosed. PHI can only be used or disclosed under certain circumstances. Whenever a covered entity uses or discloses PHI, it must take reasonable steps to use only the minimum amount of information necessary to accomplish the task.

Disclosures are permitted for treatment, payment and as part of health care operations. This is often known as TPO. The rules require that a notice be given to the consumer/patient on how the covered entity will use his/her PHI. Consumers/patients have a right to see and copy their medical records, as well as obtain an accounting of the disclosures of the PHI over the past six years. They also have the right to amend their records. Under HIPAA, covered entities must train their staff on HIPAA requirements as well as have appropriate safeguards in place to ensure privacy.

It is important to educate yourself on HIPAA, not only as an employee to comply with privacy requirements, but also as an individual to know your rights as a consumer/patient.


The use of other HIPAA website links on this site does not imply endorsement. It is just a means to provide further information.


Matthew G. Hammer, HIPAA Coordinator
HIPAA (Health Insurance Portability and Accountability Act)
NDSU Dept. 1020, 202 Old Main
P.O. Box 6050
Fargo, ND  58108-6050

Phone:  701.231.6446


Last Updated: Wednesday, June 10, 2009