HIPAA - What do I need to know as a Health Entrepreneur?

Posted by Health Entrepreneur 02/03/2016

The Health Insurance Portability and Accountability Act (HIPAA) was aimed at making health care affordable to all and ensuring health insurance coverage for everyone. It did not take lawmakers long to realize that, in doing so, the privacy and confidentiality of patient health information would be jeopardized. The result became an integral and indispensable part of HIPAA. Although health care organizations had to put in additional funds, resources, and effort to comply with HIPAA, it opened up vistas of business opportunity. Along with the security and privacy responsibilities, HIPAA has also created a “Peachy Leeway” for new, innovative business startups. As an entrepreneur, you just have to spot the scope and go for it!




HIPAA - A Double-Edged Sword


HIPAA was implemented to provide increased healthcare security and privacy for people; however, it is a “double-edged sword”. For example, a leading health insurance company like Anthem Inc. had to pay a penalty of $1.7 million for a computer security breach involving healthcare data. On the other hand, it has also served as a business “ladder” for many successful new healthcare technology startups like Aptible, Flatiron, Misfit, and CardLogix.


Genesis of HIPAA


Have you ever asked why on earth an Act like HIPAA came into existence? The answer is that, until the 1990s, there was a lack of a convenient system for storing health records and protecting health information. To rectify the situation, in 1996 Congress passed “The Health Insurance Portability and Accountability Act” (HIPAA). The Act was an amalgam of five sets of titles or rules.


HIPAA had three main purposes:

  • To provide healthcare coverage to as much of the population as possible

  • To reduce cases of fraud and abuse in health insurance

  • To digitalize health records and promote their confidentiality and security



Figure 1- Important Components of HIPAA


Although HIPAA was implemented, some gaps remained in the Health Information Privacy Rule. To strengthen HIPAA, Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The HITECH Act was aimed at strengthening the electronic healthcare documentation system and the Health Information Privacy Rule. However, implementing the HITECH Act required several amendments to HIPAA. So, in order to modify certain terms and rules of HIPAA, the Department of Health and Human Services (HHS) and the Office for Civil Rights issued the Final Omnibus Rule in 2013.


The Omnibus Rule, officially entitled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act,” was expected to augment the privacy rights attached to patients’ health records.


The amalgamation of four revised rules gave birth to “The Final Omnibus Rule”:

  • Revision of HIPAA Privacy, Security, and Enforcement Rules

  • Revision of Privacy Rule, contemplated in 2010

  • Revision of Breach Notification Rule under the HITECH Act

  • Revision of the Privacy Rule required for implementation of the Genetic Information Nondiscrimination Act (GINA)


The Omnibus Rule brought about certain vital changes: in the interaction between covered entities and their business associates, in the redefinition of terms (for example, “electronic storage material” became “electronic media”), and in raising the maximum noncompliance penalty to $1.5 million. With the Omnibus Rule, HIPAA was amended in line with the HITECH Act. The Final Omnibus Rule worked as the connecting “puzzle piece” between HIPAA and the HITECH Act.



HIPAA Compliance


HIPAA imposes strict privacy and protection norms on companies handling protected health information. Companies dealing with Personal Health Information (PHI) must safeguard it by auditing its status, storage location, network security and visibility. If a company complies with all the privacy and security norms, it can be referred to as HIPAA-compliant; a small deviation or breach may lead to noncompliance.


Penalty for Noncompliance


Noncompliance with HIPAA may have significant consequences, in terms of finances as well as reputation. The Office for Civil Rights (OCR) can impose both civil and criminal charges depending upon the extent of noncompliance. The civil penalties for HIPAA noncompliance vary depending upon the intention and the level of the breach.


Table 1: Civil penalties



Table 2: Criminal penalties


