The United States Health Insurance Portability and Accountability Act of 1996 (HIPAA) actually has two sections, Title I and Title II.
Title I deals with the protection of health insurance coverage for those people who lose or change jobs.
Title II deals with the standardization of healthcare-related information systems. It requires medical providers to ensure that they protect the privacy and security of their patients' medical information and also that they use a standard format when submitting electronic transactions, such as submitting claims to payers.
HIPAA seeks to establish standardized mechanisms for electronic data interchange, security, and confidentiality of all healthcare-related data. The Act mandates: standardized formats for all patient health, administrative, and financial data; unique identifiers (ID numbers) for each healthcare entity, including individuals, employers, health plans and health care providers; and security mechanisms to ensure confidentiality and data integrity for any information that identifies an individual.
The compliance date for HIPAA’s Standards for Privacy of Individually Identifiable Health Information, known as the Privacy Rule, was April 2003. The Privacy Rule governs the use and disclosure of protected health information by “covered entities”. Health care providers, health plans and health care clearinghouses are covered entities. Because most immunization registries (immunization information systems, IIS) do not perform covered functions (e.g., direct service payments), they are not required to comply with HIPAA. However, maintaining the privacy and security of immunization data has been and continues to be a major priority of registry developers and public health personnel nationwide.
For detailed information on HIPAA, see the Health and Human Services website at http://www.hhs.gov/ocr/hipaa/