Clearing up the Confusion: A Multi-Part HIPAA Series

Clearing up the Confusion: A Multi-Part HIPAA Series

Written by Chad Schiffman, MHA, MSHI @Chad_HCA

Last week while attending a conference, I was asked about my responsibilities as a Compliance Specialist Manager. I briefly provided an overview, and discussed how keeping up-to-date with rules and regulations in healthcare are some of my most taxing responsibilities. Then, someone quickly responded to me saying: "You are one of those abbreviation guys responsible for keeping up with all the abbreviations in healthcare! Aren't you?!?"

I responded in the affirmative. In many ways, her remark is true. In the world of healthcare compliance, abbreviations are similar to a bowl of proverbial alphabet soup constantly keeping track of them becomes a daily chore.

Of all the abbreviations, perhaps there isn't one more important (or at least more prevalent today) than HIPAA. This conversation prompted me to address what many administrators, providers, and business associates sometimes mistake when they think of this Act. In Part 1 of this series, we will provide a brief overview of HIPAA.

Part 1 HIPAA vs "HIPPA"

HIPAA is the abbreviation for the Health Insurance Portability and Accountability Act of 1996.

The goals of HIPAA include:

  • Information efficiency by creating a simpler more standardized system
  • Reduction of paper claims
  • A reduction of errors through safe and universally accepted electronic transactions
  • Lowered health care costs
  • Privacy and security in the US health care industry

HIPAA provided the framework for the evolution of HIPAA rules including the HIPAA Privacy Rule and the HIPAA Security Rule. The HIPAA Security Rule and the HIPAA Privacy Rule are two distinct rules.

  • The Privacy Rule covers the policies and procedures that must be in place to ensure that the patient's health information is protected and their rights are upheld.
  • The Security Standard accompanies the Privacy Rule. In order to protect the health information security entities will be expected to have security safeguards in place.

"HIPAA" is often misspelled "HIPPA"

At one point or another, many of us have accidentally mis-typed HIPAA as "HIPAA". Maybe subconsciously, we relate the term to the infamous hippopotamus which many of us call a "hippo" and this has played a role in our misspelling. Whatever the reasoning, today, I am going to argue in defense of this misspelling.

Being "one of those abbreviations guys" I thought it would be fun to look at what "HIPPA" as an abbreviation could represent:

"H" - In HIPAA the "H" represents "Health." This also works for our new HIPPA abbreviation since this act is providing protection within healthcare; however, it could also represent Human. Sometimes, for healthcare professionals, we forget that the Privacy Rule gives you ("human") rights over your health information and sets rules and limits on who can look at and receive your health information.

"I" - Our new "I" could easily stand for "Information" as in "Health Information." With the privacy rule covering policies and procedures that must be in place to ensure that patient health information is protected, "information" makes a whole lot of sense.

"P" - As mentioned above the "P" in HIPAA is for "Portability." In HIPPA, "Portability" also makes sense. Would it also make sense for the "P" to stand for "Patient?"

At this point you can probably see where this is going.

"P" - For the purposes of this section, the second "P" will represent "Privacy."

"A" - Finally, the "A" could easily stand for "Amendment" or "Announcement," especially given the many changes, interpretations, and additions made to the HIPAA act over the past two decades. I think it is safe to say that we that these amendments and announcements are not going to end any time soon given the speed of technological innovations and changing pace of society.

What does it all mean?

As mentioned above, HIPAA provided the a framework for the evolution of HIPAA's two distinct and critical rules: the HIPAA Privacy Rule; and the HIPAA Security Rule. Our new acronym continues that evolution and defines a key aspect of this commonly misspelled act, which is the protection of sensitive patient healthcare information.

Next week, in part 2 of our article series, we will aim to clear up HIPAA Privacy Rule confusion, including a discussion about modifications provided by the HIPAA/HITECH Act and Omnibus Final Rule.

If you have any questions or concerns about HIPAA, please feel free to comment below, send us an email at, or reach us toll-free at 855-427-0427.

April 28, 2015