By Valenke Exam Prep Team·Last updated 2026-06-02

HIPAA

Exams: MEDICAL ASSISTANT · PTCB · CNA NNAAP · NREMT EMT

Definition

The Health Insurance Portability and Accountability Act — federal law protecting patient health information privacy and establishing standards for electronic health transactions.

Overview

HIPAA was enacted in 1996 and amended by the HITECH Act (2009) and the Omnibus Rule (2013). It establishes national standards for protecting individually identifiable health information, known as protected health information (PHI), held by covered entities (health plans, healthcare clearinghouses, and providers that transmit health information electronically) and their business associates.

The Privacy Rule governs use and disclosure of PHI in any form. The Security Rule requires administrative, physical, and technical safeguards for electronic PHI (ePHI). The Breach Notification Rule, added by HITECH, requires notice to affected individuals and HHS when unsecured PHI is compromised. The Privacy and Security Rules are heavily tested on certification exams.

Protected Health Information

PHI is any individually identifiable health information, created or received by a covered entity or business associate, that relates to a person's past, present, or future physical or mental health, the provision of healthcare, or payment for healthcare. The Privacy Rule's Safe Harbor de-identification method lists 18 identifiers that make information identifiable, including names, dates (other than year), phone numbers, SSNs, and medical record numbers; information stripped of all 18 is no longer PHI.

The minimum necessary standard requires covered entities to limit the PHI they access, use, disclose, or request to the minimum needed for the intended purpose, for example by restricting each workforce role to the record fields that role needs.

Patient Rights Under HIPAA

The Privacy Rule gives patients the right to receive a Notice of Privacy Practices, to access and obtain a copy of their records, to request amendment of inaccurate records, to receive an accounting of certain disclosures, to request restrictions on uses and disclosures, to request confidential communications (for example, calls to a specific number), and to file a complaint with the covered entity or with HHS Office for Civil Rights.

Violations and Penalties

Civil penalties for HIPAA violations are tiered by culpability. Tier 1 (did not know and could not reasonably have known): $100 to $50,000 per violation. Tier 2 (reasonable cause): $1,000 to $50,000 per violation. Tier 3 (willful neglect, corrected within 30 days): $10,000 to $50,000 per violation. Tier 4 (willful neglect, not corrected): at least $50,000 per violation. Each tier carries an annual cap of $1.5 million per identical provision. These are the base amounts set by HITECH; HHS adjusts them annually for inflation. Knowing misuse of PHI can also be prosecuted criminally, with fines and imprisonment that increase with intent to harm or profit.

Common violations include unauthorized record access (snooping), improper PHI disposal, lost or stolen unencrypted devices, unauthorized disclosures, and posting patient information on social media.

Why It Matters

HIPAA is tested on MA, PTCB, CNA, and EMT exams. You must understand protected health information (PHI), minimum necessary standard, patient rights, and penalties for violations.

Frequently Asked Questions

What qualifies as PHI?
Any individually identifiable health information held by a covered entity or business associate, that is, health, treatment, or payment information linked to one or more of the 18 HIPAA identifiers (name, DOB, SSN, MRN, etc.).
Can a pharmacy tech discuss a prescription with a patient's spouse?
Yes, if the patient has authorized the disclosure or the spouse is the patient's personal representative. HIPAA also permits sharing information directly relevant to a family member's involvement in the patient's care when the patient has had the opportunity to object and did not, which is why a spouse may pick up a filled prescription. Disclosure should still be limited to what the spouse needs for that purpose.
What is the minimum necessary standard?
Covered entities must limit PHI access, use, disclosure, and requests to the minimum amount needed for the intended purpose. It does not apply to disclosures to or requests by a healthcare provider for treatment, disclosures to the patient, uses or disclosures the patient has authorized, or disclosures required by law.