HIPAA Prajwal
Introduction
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that
required the creation of national standards to protect sensitive patient health information from
being disclosed without the patient's consent or knowledge. The act protects private and
sensitive patient data held by hospitals, insurance companies, and healthcare providers. HIPAA
compliance is regulated by the Department of Health and Human Services (HHS), and the
provisions of the Act are enforced by the HHS Office for Civil Rights (OCR).
The HIPAA Privacy Rule sets out the rights of individuals to understand and control how their
health information is used. The goal of the rule is to ensure that individual health information is
properly protected while still allowing the information needed to provide good care to flow
between those who treat the patient. In other words, the Privacy Rule permits important uses of
health information while protecting the privacy of the individual who seeks treatment.
Types of Organizations:
1. Covered Entities- Any organization that provides treatment, payment, or operations in
healthcare and, as a result, creates, collects, or transmits PHI electronically is a covered
entity. Example: Healthcare providers, health plans (insurers), and healthcare clearinghouses.
2. Business associates- Any company that creates, receives, maintains, or transmits PHI on
behalf of a covered entity is a business associate. Example: IT and cloud providers, electronic
health record (EHR) platforms, billing and collection firms, etc.
HIPAA in Healthcare Industry:
Healthcare organizations that handle protected health information (PHI) or electronic protected
health information (ePHI) are the main audience for HIPAA. These organizations are responsible
for protecting the confidentiality, integrity, and availability of patients' sensitive health
information. The principal categories of organizations that must comply with HIPAA are:
1. Healthcare Providers: Hospitals, clinics, doctors' offices, nursing homes, and other
healthcare facilities that collect, store, and transmit patients' health information.
2. Health Plans: Health insurance companies, HMOs (Health Maintenance Organizations),
and other health plans that process and manage insurance claims and medical records.
3. Healthcare Clearinghouses: Organizations that process nonstandard health information
into standard formats for electronic submission to health plans.
4. Business Associates: Third-party entities that provide services to covered entities
(healthcare providers, health plans, or healthcare clearinghouses) involving the use or
disclosure of PHI. Business associates include medical billing companies, IT service
providers, cloud storage providers, and more.
5. Healthcare Contractors and Subcontractors: Organizations that provide services to or on
behalf of business associates that involve PHI; since the 2013 Omnibus Rule, such
subcontractors are themselves business associates.
6. Researchers: Those involved in medical research who obtain patient data from covered
entities must adhere to HIPAA requirements (for example, patient authorization, an IRB
waiver, or de-identification) when accessing and using PHI for research.
7. Pharmacies: Pharmacies and pharmacists who process prescriptions and maintain
patient medication records.
8. Laboratories: Medical testing laboratories that process and store patient samples and
data.
9. Telehealth Providers: As telehealth services become more common, providers offering
remote healthcare services must also comply with HIPAA rules and regulations.
10. Medical Device Manufacturers: Companies whose devices or software collect or transmit
patient data on behalf of a covered entity become business associates and must meet HIPAA
requirements for that data.
Covered entities and individuals who knowingly obtain or disclose individually identifiable
health information in violation of HIPAA face criminal penalties of up to $50,000 and up to one
year in prison. The penalties rise to a fine of up to $100,000 and up to five years in prison if the
offense is committed under false pretenses, and to a fine of up to $250,000 and up to ten years
in prison if it is committed with intent to sell, transfer, or use the information for commercial
advantage, personal gain, or malicious harm.
Through HIPAA compliance training programs, organizations can lessen their risk of regulatory
action. OCR provides advice through educational initiatives on adhering to security and privacy
regulations. Programs are also provided by a variety of consultancies and training
organizations. Healthcare providers may also decide to design their own training courses, which
frequently cover their current HIPAA privacy and security guidelines, the HITECH Act, and
mobile device management (MDM) procedures.
What sector is mainly affected by HIPAA
HIPAA applies primarily to the healthcare and medical sector in the United States. It is a key
piece of legislation that addresses patient privacy, data security, and the portability of health
insurance coverage, among other things, in the context of healthcare information. The major
objective of HIPAA is to guarantee the privacy and security of sensitive health information within
the healthcare sector.
Joanne Byron
With over 35 years of clinical and executive healthcare experience in compliance, coding,
auditing, privacy, and security, Joanne, the CEO and Board Chair, is a valuable asset. Her
broad range of experience includes senior healthcare consultancy, M&A involvement, coding
leadership, and health care consulting. Along with AIHC, Joanne is a member of AHIMA,
HIMSS, and HFMA. She attended Lake Erie College after earning an honors nursing degree
from St. Augustine Technical Center. Joanne is certified in clinical documentation improvement,
compliance, HIPAA privacy/security, auditing, ICD-10, and medical billing.
About: AIHC
The American Institute of Healthcare Compliance (AIHC) is an esteemed group committed to
elevating excellence in the healthcare compliance industry. The AIHC is a key player in
advancing knowledge and standards in fields like coding, auditing, privacy, and security.
Joanne, who has over 35 years of clinical and executive healthcare experience, is one of the
organization's experienced leaders. The AIHC ensures that its members stay current with the
most recent trends and practices through affiliations with reputable healthcare associations like
AHIMA, HIMSS, and HFMA. Joanne's extensive credentials and affiliations demonstrate AIHC's
dedication to giving experts in the healthcare compliance field top-notch training and resources.
https://aihc-assn.org/board-of-directors/
https://www.linkedin.com/in/joanne-b-752a8b31/
William B Rabourn Jr
Founder CEO of Medical Consulting Group
With nearly a quarter-century of experience in business strategy, Bill Rabourn serves as the
Founder and Managing Principal of Medical Consulting Group. His extensive expertise has
yielded a remarkable track record of success within the medical industry. Operating from his
headquarters in the Midwest, Bill offers consulting and creative services to a curated selection
of medical, surgical ophthalmology, and plastic surgery practices across the United States. His
clientele spans from fledgling ventures to esteemed established practices.
About the Medical Consulting Group: Established in 1989 by managing principal Bill Rabourn
and co-founders, Medical Consulting Group began as a modest entity named MedSource,
consisting of just three individuals. The firm later evolved into Medical Consulting Group,
welcoming the expertise of three additional managing principals: Stephen Sheppard, CPA,
COE; Robert McCarville, MPA; and Erin Malloy.
In 2023, MCG joined forces with Corcoran Consulting Group, headquartered in San Bernardino,
California. Renowned for its specialization in coding and reimbursement matters for
ophthalmology and optometry practices, the merger marked a significant milestone.
https://medcgroup.com/about/our-team/william-b-rabourn-jr/
Marc Haskelson
CEO of Compliancy Group
In the area of healthcare compliance solutions, Compliancy Group is widely regarded as a
pioneer. Compliancy Group provides a comprehensive platform that helps healthcare
businesses achieve and maintain compliance with HIPAA (Health Insurance Portability and
Accountability Act) rules with a heavy emphasis on demystifying the intricacies of regulatory
requirements. They provide healthcare professionals with user-friendly software, professional
advice, and tools to help them protect patient data and uphold the strictest privacy and security
requirements. Compliancy Group is a reliable partner for navigating the complex world of
healthcare compliance because of their specialized approach and dedication to education.
https://www.linkedin.com/in/mhaskelson/
Jason Karn
Chief Compliance Officer, Total HIPAA
Total HIPAA Compliance is a well-known supplier of all-inclusive solutions for achieving
adherence to the Health Insurance Portability and Accountability Act (HIPAA). Total HIPAA
offers tools, training, and resources to help healthcare businesses protect patient information
and maintain compliance. Because of its user-friendly approach and in-depth expertise in
healthcare regulation, Total HIPAA is a useful partner for healthcare professionals who must
manage complex HIPAA requirements and safeguard the privacy and security of patient data.
https://jasonkarn.com/
https://www.totalhipaa.com/about-us-2/
HIPAA's major objective is to safeguard the security and privacy of patient health information
and to ensure that it is handled and shared appropriately throughout the healthcare ecosystem.
Covered entities and their business associates must maintain the confidentiality, integrity, and
availability of this sensitive data by putting administrative, physical, and technical safeguards
in place.
ADVANTAGES OF HIPAA
1. Patient Privacy Protection:
Sensitive patient health information, known as protected health information (PHI), is
subject to strict rules set forth by HIPAA. This helps prevent unauthorized disclosure
and gives individuals control over who can access their health information.
2. Data Security Enhancements:
The HIPAA Security Rule requires covered entities to put administrative, physical, and
technical safeguards in place to protect electronic protected health information (ePHI).
These measures, which include risk analysis, access controls, encryption, audit logging,
and regular security evaluations, reduce the risk of data breaches and protect electronic
health records from cyberattacks.
3. Patient Access to Health Records:
HIPAA gives patients the right to access and obtain copies of their medical records. This
promotes transparency and patient engagement, and allows individuals to be better
informed about their health conditions and treatment options.
4. Health Information Portability: HIPAA enables the transfer of medical records when
people switch insurers or healthcare providers. This helps patients continue receiving
appropriate care without interruptions or the loss of vital medical data.
5. Improved Patient Rights: Under HIPAA, patients have the right to see their own health
records, ask for corrections, and obtain an accounting of certain disclosures of their
information. This gives patients the ability to actively manage their own healthcare.
6. Facilitates Public Health and Research: HIPAA permits the release of de-identified
health information for public health and research purposes. This advances medical
research and enables public health officials to deal with disease outbreaks and other
health problems efficiently.
7. Enhanced Healthcare Quality: By permitting the secure sharing of information between
healthcare providers, HIPAA contributes to better care coordination and informed
medical decision-making, ultimately improving the quality of patient care.
8. Legal Framework: HIPAA provides a clear legal framework for handling health
information, which helps healthcare organizations and professionals navigate complex
privacy and security requirements while avoiding legal complications.
9. Trust Building: HIPAA's focus on patient privacy and data security fosters trust between
patients and healthcare providers. Patients are more likely to share accurate and honest
information when they know their data is being handled with care.
10. Long-Term Health Information Management: HIPAA helps establish requirements for
the retention and proper disposal of health information, ensuring that sensitive patient
data is managed appropriately throughout its lifecycle.
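The "de-identified health information" mentioned in the list above is produced under the Privacy Rule's Safe Harbor method (45 CFR 164.514(b)(2)), which removes 18 categories of identifiers: names, geographic units smaller than a state (except the first three ZIP digits, which become 000 when the prefix covers 20,000 people or fewer), all date elements except the year, ages over 89, and direct identifiers such as SSNs, medical record numbers, phone numbers, e-mail addresses, IP addresses and device identifiers. The Python script below is an added example written for this page, not code from the original report or from HHS; the record layout, field names, sample values and the free-text scrubbing patterns are assumptions made for illustration, and the list of restricted three-digit ZIP prefixes is the one published in HHS's de-identification guidance from 2000 Census data, which a practitioner should check against current guidance before relying on it.

```python
"""Safe Harbor de-identification of a single patient record.

Applies the core transformations of the HIPAA Privacy Rule's Safe Harbor
method (45 CFR 164.514(b)(2)): remove direct identifiers, keep only the
first three digits of a ZIP code (or 000 for sparsely populated prefixes),
reduce dates to the year, aggregate ages over 89 into "90+", and scrub
identifiers embedded in free text. Field names and the sample record are
assumptions made for this example; they are not from any real system.
"""
import re
from datetime import date

# Three-digit ZIP prefixes whose combined population is 20,000 or fewer,
# as listed in HHS's de-identification guidance (based on 2000 Census
# data). Assumption: verify against current guidance before relying on it.
RESTRICTED_ZIP3 = {
    "036", "059", "063", "102", "203", "556", "692", "790", "821",
    "823", "830", "831", "878", "879", "884", "890", "893",
}

# Fields that hold direct identifiers and are removed outright
# (names, SSN, MRN, phone, email, IP, device IDs, account numbers, URLs,
# street-level address). Assumed field names for this example.
DIRECT_IDENTIFIERS = {
    "name", "ssn", "mrn", "phone", "email", "ip_address", "device_id",
    "account_number", "url", "street_address",
}

# Patterns for identifiers that often leak into clinical free text.
TEXT_PATTERNS = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    (re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"), "[PHONE]"),
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[EMAIL]"),
]


def generalize_zip(zip_code):
    """Return the three-digit ZIP prefix, or "000" if the prefix is
    restricted; None if the value is not a usable five-digit ZIP code."""
    digits = re.sub(r"\D", "", zip_code or "")
    if len(digits) < 5:
        return None
    zip3 = digits[:3]
    return "000" if zip3 in RESTRICTED_ZIP3 else zip3


def generalize_date(iso_date):
    """Keep only the year of a YYYY-MM-DD date."""
    return date.fromisoformat(iso_date).year


def generalize_age(age):
    """Ages over 89 are collapsed into a single "90+" category."""
    return "90+" if age > 89 else age


def scrub_text(text):
    """Replace SSNs, phone numbers and e-mail addresses in free text."""
    for pattern, label in TEXT_PATTERNS:
        text = pattern.sub(label, text)
    return text


def deidentify(record):
    """Return a new dict with Safe Harbor transformations applied.

    Keys ending in "_date" are renamed to "_year"; "zip" becomes "zip3".
    """
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            continue  # removed outright under Safe Harbor
        if key == "zip":
            out["zip3"] = generalize_zip(value)
        elif key.endswith("_date"):
            out[key[:-len("_date")] + "_year"] = generalize_date(value)
        elif key == "age":
            out["age"] = generalize_age(value)
        elif isinstance(value, str):
            out[key] = scrub_text(value)
        else:
            out[key] = value
    return out


# Constructed sample record; none of these values belong to a real person.
SAMPLE_RECORD = {
    "name": "Jane Q. Sample",
    "ssn": "123-45-6789",
    "mrn": "MRN-0042",
    "zip": "03601",            # prefix 036 is restricted -> "000"
    "admit_date": "2021-03-14",
    "age": 92,                 # over 89 -> "90+"
    "diagnosis_code": "E11.9",
    "notes": "Patient reachable at 555-123-4567 or jane@example.com.",
}

if __name__ == "__main__":
    print(deidentify(SAMPLE_RECORD))
```

Safe Harbor has a second condition that code cannot check: the covered entity must have no actual knowledge that the remaining data could identify the individual, so rare diagnoses or small cohorts still need a human review. The alternative "Expert Determination" method, where a qualified statistician certifies that re-identification risk is very small, is not shown here.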
HIPAA has evolved with the changing healthcare landscape over the years.
1. Telehealth and COVID-19: The COVID-19 public health emergency led to temporary
enforcement discretion and guidance for telehealth services, balancing patient privacy with
increased access to care during the emergency.
2. Strengthened Enforcement: In recent years HIPAA enforcement has increased significantly,
with substantial penalties for noncompliance. This underlines the importance of protecting
patient data and maintaining continuous compliance.
3. Patient Access and the 21st Century Cures Act (2016): This act introduced provisions to
make it easier for patients to access their electronic health records (EHRs) and share them
with caregivers and other healthcare providers, and it aimed to improve interoperability and
data exchange among different healthcare systems. Patients can engage with and control
their health information while covered entities still adhere to HIPAA's security requirements.
4. HIPAA Enforcement Rule Updates: HHS periodically updates the Enforcement Rule to clarify
penalty tiers, settlement amounts, and the process for investigating and addressing
violations.
5. Advancements in Health IT: As AI, machine learning, and cloud computing become more
prevalent in healthcare, OCR has issued guidance (for example, on cloud computing) on how
the Security Rule applies; ePHI processed by these technologies remains subject to the same
risk analysis, access control, and business associate agreement requirements.
2021 HIPAA Safe Harbor Law
On January 5, 2021, the HIPAA Safe Harbor bill (H.R. 7898) was signed into law by President
Trump, amending the HITECH Act. The purpose of the law is to encourage HIPAA-regulated
entities to adopt recognized security practices, such as the NIST Cybersecurity Framework and
the HHS 405(d) Health Industry Cybersecurity Practices, to improve their defenses against
cyberattacks.
The law instructs HHS to take into account the recognized security practices that a
HIPAA-regulated entity has had in place for the 12 months preceding a data breach when
deciding on enforcement actions, calculating financial penalties, and determining the length and
scope of audits related to security breaches and HIPAA Security Rule violations.
In March 2020, the HHS Office of the National Coordinator for Health Information Technology
(ONC) issued the Cures Act Final Rule on interoperability and information blocking. Healthcare
providers, developers of certified health IT, and health information networks and exchanges had
to comply with the information blocking provisions by April 5, 2021; the original date of
November 2, 2020, was extended because of COVID-19.
Also in March 2020, the Centers for Medicare and Medicaid Services (CMS) issued its
Interoperability and Patient Access Final Rule. It applies to CMS-regulated payers (such as
Medicare Advantage, Medicaid, CHIP, and exchange plans) and, for the event-notification
requirement, to hospitals participating in Medicare and Medicaid. CMS began enforcing the
Patient Access API requirements on July 1, 2021, and CMS oversees compliance.
Under the CMS Final Rule, the regulated payers must give patients secure, standards-based API
access to their claims and other health information through apps of their choosing, and must
publish provider directory information. Hospitals must send electronic admission, discharge,
and transfer notifications to the patient's other providers.
The final rules do not change HIPAA or the HITECH Act, but they are related: they help patients
see their health information more easily. A HIPAA policy that is used to block information the
patient or another provider is entitled to receive can violate the ONC Final Rule, and health IT
developers and information networks that engage in information blocking face civil monetary
penalties of up to $1 million per violation.
In December 2018, OCR requested feedback from HIPAA-covered entities on improving HIPAA
Rules to enhance healthcare delivery and data sharing. The focus was on easing barriers to
value-based healthcare and coordinated care in the HIPAA Privacy Rule. Proposed changes
include loosening restrictions on patient-authorized PHI disclosures and reinforcing patient
rights to access their own PHI. Controversial proposals involve mandatory sharing of electronic
PHI (ePHI) among providers and a shorter timeframe for responding to patient requests for
medical records. Concerns from the American Hospital Association and American Medical
Association have been raised. These changes aim to address obstacles in patient care and
combat the opioid crisis, while also reducing administrative burdens for HIPAA-covered entities.
The changes OCR proposed in its December 2020 notice of proposed rulemaking include:
● Permitting patients to inspect their PHI in person and take notes or pictures of it.
● Shortening the maximum time to provide access to PHI from 30 days to 15 days.
● Limiting an individual's right to direct the transmission of ePHI to a third party to ePHI
maintained in an EHR.
● Allowing individuals to request that their PHI be sent to a personal health app.
● Requiring covered entities to inform individuals of their right to obtain copies of their PHI,
or to direct copies to a third party, when a summary of PHI is provided instead of a copy.
● Requiring covered entities to post estimated fee schedules for PHI access and disclosures
on their websites.
● Requiring covered entities to give individualized estimates of the fees for furnishing a copy
of their PHI.
● Creating a pathway for individuals to direct the disclosure of PHI held in an EHR to a covered
entity.
● Requiring healthcare providers and health plans to respond to requests from other covered
providers and health plans for specific records when an individual directs them to do so
under the HIPAA right of access.
● Dropping the requirement for covered entities to obtain written acknowledgment that a
Notice of Privacy Practices was received.
● Permitting covered entities to disclose PHI to avert a threat to health or safety when harm is
"serious and reasonably foreseeable"; the current standard requires harm that is "serious
and imminent".
● Permitting covered entities to make certain uses and disclosures of PHI based on a good
faith belief that doing so is in the individual's best interest.
● Adding a minimum necessary standard exception for uses and disclosures for
individual-level care coordination and case management, regardless of whether those
activities constitute treatment or healthcare operations.
● Expanding the definition of healthcare operations to include care coordination and case
management.
● Extending the Armed Forces' permission to use or disclose PHI to all uniformed services.
The proposed changes concern many patients, patient privacy advocates, covered entities, and
business associates because of their likely effect on the privacy and security of medical data,
the financial burden they may place on healthcare organizations, and the failure to align HIPAA
more closely with the 42 CFR Part 2 (substance use disorder) rules and the 21st Century Cures
Act.
1. Digital Health: Electronic health records (EHRs), telemedicine, and health apps have all
proliferated, which has changed how patient data is kept, accessed, and shared. To ensure
that patient information is secure while facilitating effective data sharing, HIPAA rules need
to be updated to address the issues and opportunities brought on by digital health.
2. Patient-Centered Care: Patient involvement and empowerment have taken center stage in
the provision of healthcare. Patients expect to actively participate in decisions about their
care and want more access to their own health information. Changes to HIPAA should
support the right of patients to easily access and manage their personal health information.
3. Opioid Epidemic and Public Health Needs: The opioid epidemic and other public health
concerns highlight how crucial it is for healthcare professionals to share vital patient
information. HIPAA rules that are interpreted too strictly can prevent timely interventions
and worsen public health issues by delaying data exchange.
4. Research and Innovation Barriers: The current privacy rules can make innovative medical
research difficult. Because of the complexity of HIPAA, researchers frequently have trouble
obtaining the data they need. A more adaptable structure might make it easier to share data
responsibly for scientific purposes.
5. Concerns about Patient Privacy and Data Breaches: HIPAA should continue to place a
strong focus on patient privacy and data security even as it improves data sharing and
accessibility. Changes should strike a balance between protecting patients from breaches of
sensitive information and enabling the data exchange needed for better care.
HIPAA is a legal framework rather than a commercial product, so it has no direct competitors in
the traditional sense. Its closest European counterpart is the EU General Data Protection
Regulation (GDPR), a general-purpose data protection law that applies across the EU and treats
health data as a special category requiring extra protection.
HIPAA (US):
HIPAA seeks to protect the privacy and security of protected health information (PHI) in the US
healthcare industry. Scope: covered entities (healthcare providers, health plans, and healthcare
clearinghouses) and their business associates. Key features: focuses on health information; has
specific requirements for electronic protected health information (ePHI); promotes privacy,
security, and patient rights; emphasizes compliance and enforcement. Market size: the US
healthcare industry is huge. According to CMS, US health care spending grew 2.7 percent to
reach $4.3 trillion in 2021, slower than the 10.3 percent increase in 2020. The slower growth in
2021 was driven by a 3.5 percent decline in federal government expenditures for health care,
following strong growth in 2020 that occurred largely in response to the COVID-19 pandemic;
this decline more than offset the impact of greater use of health care goods and services and
increased insurance coverage in 2021.
• Private Health Insurance: Private health insurance spending increased by 5.8 percent in
2021 to $1.2 trillion and was driven by strong growth in spending for medical goods and
services, due to both increased utilization and increased enrollment in 2021. Private health
insurance enrollment increased 0.3 percent in 2021 to reach 200.7 million.
• Hospital Care: Spending for hospital care services increased 4.4 percent in 2021 to reach
$1.3 trillion; however, this was a slower growth rate than the 6.2 percent experienced in
2020. The slower growth in 2021 reflected a substantial decrease in funding from other
federal programs (COVID-19 relief is included in this category). Spending growth in 2021 was
higher than in 2020 for the major payers of hospital care services: Medicare, Medicaid, and
private health insurance.