HIPPA compliance? No, HIPAA compliance.
HIPAA is the Health Insurance Portability and Accountability Act of 1996. HIPPA is simply a typo. Probably in part because English would typically put two Ps together in the middle of a word (think oppose or appear), HIPAA is often wrongly spelled as HIPPA. It really is extremely difficult to remember how to spell HIPAA, and it is certainly easy to write the acronym incorrectly if you are moving quickly. This article explores topics related to the misspelled form HIPPA, partially as entertainment. It concludes with a brief outline of HIPAA and the Security Rule, more serious considerations.
How to remember the correct spelling of HIPAA
A simple way to remember the correct spelling for this key compliance acronym is to remember that it is NOT spelled like hippo. The other thing you can do is simply check that it matches the name of the bill: Health Insurance Portability and Accountability Act.
There is actually a kind of obvious mnemonic device for the correct spelling, although it is somewhat absurd. HIPAA, the correct spelling, can be separated into hip + AA. The mnemonic, then, is that healthcare law is a trendy sobriety meeting. Again, to get away from the hippo reference/language, you could say to yourself that HIPAA compliance is less like a safari, and more like a cool anonymous support group.
What is HIPPA compliance (the misspelled form)?
Again, to be clear: the healthcare compliance concern is HIPAA compliance. When a user types HIPPA into a search engine, it will even redirect to HIPAA results. If a person were to absolutely insist to want to know what “HIPPA compliance” is, your best and most accurate response would be that it means to follow the rules and guidelines of a decapod crustacean from the family Hippidae. If you were to be Hippa-compliant, probably your best bet would be to abide by the instructions of a Hippa admirabilis, simply because she has such a noble name.
Hopefully, this description makes it clear that HIPPA or Hippa compliance is not a concern of any legitimate business, while HIPAA compliance is.
Even attorneys misspell this term
We can first take as a given that the crustacean genus Hippa is not being discussed widely within courtrooms in the United States. However, let’s completely remove Hipaa searches as a factor and look only at the misspelling of the acronym. Thomson Reuters attorney editor Max Milstein researched these terms against one another back in 2012 by comparing H.I.P.A.A. vs. H.I.P.P.A. – so the search would only come up with the acronym. The results were 1773 for H.I.P.A.A. Meanwhile, there were 599 for H.I.P.P.A. That could mean that as many as 25% of the mentions in case law of either H.I.P.A.A. or H.I.P.P.A. were of the wrong version. However, that assumption is a little inflated. Milstein goes on to explain that he found 393 pages that only have the incorrect version H.I.P.P.A. In 98 instances, Milstein found cases that alternated between the two different forms in the same paragraph or adjacent ones.
Now let’s move outside of the law. If you look up “H.I.P.A.A.” and “H.I.P.P.A.” both today on the United States’ most popular search engine, you will find that the former, correct version has 22.1 million results, while the latter, incorrect version has 2.5 million results. There is a funny lawyer joke here, just based on this raw data: While up to 25% of attorney mentions were incorrect, the percentage for the general population was just 10% (2.5 million out of 24.6 million). It appears that attorneys are up to 150% more mistake-prone related to miswriting the term HIPAA than is the general population.
What exactly is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act of 1996. It is US law that protects individuals’ healthcare through security and privacy rules for electronic records.
This legislation may not quite be a household term, but it is associated with a certain amount of notoriety in the wake of major healthcare hacks.
Here are the five Titles of HIPAA:
Title 1 – This part of the act made it more possible to move and retain health insurance (whether individual or group) by making changes to the Internal Revenue Code of 1986 (IRC), Public Health Service Act (PHSA), and Employee Retirement Income Security Act (ERISA). This title contains language that outlaws discrimination in the form of benefit restriction related to certain treatments or illnesses, or the establishment of lifetime maximums, unless these caps or levels were used for everyone within the same basic circumstances (rather than targeting people with specific health risks). The amount of time that a health plan or insurance carrier is able to exclude coverage of a preexisting condition is reduced within Title I; plus, it makes it possible to take “creditable coverage,” coverage on a previous health plan, and use it to further lower the time prior to acceptance of those conditions. Finally, when anyone is dropped from insurance because of losing a job, or in the event of death or divorce, Title I provides special ways for those people to enroll.
Title II – The federal criminal code and Social Security Act are adjusted by this title. With the intent to reduce abuse, waste, and fraud in healthcare systems, and to make healthcare administration simpler, this part of the act contains seven subtitles.
Title III – Rules on the inclusion of long-term care as a medical service, limits for healthcare expenses out of pre-tax health savings accounts, and tax deductions related to health insurance were all changes to the IRC within Title III.
Title IV – To enforce the regulations created by Title I about retaining insurance and treatment of preexisting conditions, PHSA and IRC were updated.
Title V – Here, tax deductions related to life insurance owned by a company were adjusted, as were rules for income tax when a person has their US citizenship revoked. It additionally removed the financial institution rule to interest allocation rules that were within the IRC.
Central to HIPAA is the Privacy Rule and Security Rule established within Title II. The Privacy Rule created national standards to protect types of health data. The Security Rule created standards for the electronic storage or processing of certain types of health data. Essentially, the Privacy Rule gives an individual protection, and the Security Rule provides some specific steps, both technical and otherwise, that health providers and others handling health data must follow. The Office for Civil Rights (OCR), a subagency of the Department of Health and Human Services (HHS), is charged with enforcement of those rules and the ability to provide sizable fines to noncompliant businesses.
In order to properly safeguard electronic protected health information (ePHI), the Security Rule makes it necessary to have certain physical, technical, and administrative protections in place. Both covered entities and their business associates (since the Health Information Technology for Economic and Clinic Health Act of 2009, or HITECH) must follow these four basic Security Rule demands, as indicated by the HHS:
- For all health data that is generated, received, stored, or transferred, the organization must be certain that the data is private, is of high integrity, and is highly available.
- Since data could be compromised by a threat that can often be seen beforehand, organizations should be able to recognize anything problematic and set up appropriate defenses.
- The HIPAA compliant organization should set up protections so that unauthorized disclosure and use of information is less likely to occur.
- The staff should be trained on compliance general information, along with their role in avoiding violations and keeping information private and secure.
A HIPAA-compliant (not HIPPA-compliant) host
As indicated above, HIPAA is often misspelled. However, knowing the proper spelling of this term is just the first step in ensuring that electronic protected health information is secured, according to the standards described by the federal government. At Atlantic.Net, our HIPAA Compliant Hosting Services are backed by fully audited HIPAA, HITECH and SOC 1 & SOC 2 certified infrastructure. Get a free HIPAA Hosting quote today!