Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Work was being done in the mid-1990s to reform health care. The focus was on providing greater access to health care and addressing administrative concerns.

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted into law. The law contains a section known as Administrative Simplification provisions that require HHS to adopt national standards for:

Electronic transactions and code set standards



National identifiers

HIPAA calls for compliance to streamline the administration of health care. It promoted uniformity by requiring standards for several administrative transactions. Under HIPAA, each payer can no longer have unique processes for electronic transactions. When conducting electronic administrative transactions, all entities covered under HIPAA must use the same standard format.

Congress soon recognized that advances in electronic technology could erode the privacy of health information. This led to the incorporation into HIPAA of provisions that mandated the adoption of Federal privacy protections for individually identifiable health information (IIHI). The final Privacy Rule was published in August 2002. This rule set the privacy standards for three types of covered entities (CEs): health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically.

HHS published a final Security Rule in February 2003. This Rule set national standards for protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI). Compliance with the Security Rule was required as of April 20, 2005.

On January 23, 2013, HHS announced the final Omnibus Rule, modifying the HIPAA Privacy, Security, and Enforcement Rules. Compliance by BAs and CEs became effective September 23, 2013.

HIPAA Compliance

The HIPAA Rules apply to Covered Entities (CEs) and Business Associates (BAs).

Individuals, organizations, and agencies that meet the definition of a Covered Entity (CE) under HIPAA must comply with the HIPAA Rules requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.

If a CE engages a Business Associate (BA) to help it carry out its health care activities and functions, the CE must, in order to be in compliance, have a written BA contract with the BA that establishes specifically what the BA has been engaged to do and requires the BA to comply with the HIPAA Rules requirements to protect the privacy and security of protected health information (PHI). BAs must have a BA contract with their subcontractors. BA liability flows downstream. Each downstream contract must be as stringent as the one above.

CEs are liable for violations of a BA agent, and BAs are liable for violations of a subcontractor agent, when the agent is acting within the scope of agency.

A HIPAA covered entity (CE) is any organization or corporation that directly handles protected health information (PHI) or personal health records (PHR). 

A CE is one of the following:

Health Care Provider: doctors, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies (only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard).

Health Plan: health insurance companies, HMOs, company health plans, government programs that pay for health care (Medicare, Medicaid, military and veterans health care programs).

Health Care Clearinghouse: entities that process nonstandard health information they receive from another entity into a standard electronic format or data content.

It’s important for all CEs and their administrative workforce, including health care providers, Registered Nurses, and other health care workers, to understand HIPAA compliance for their business associates (BAs).

A BA is one of the following:

Third-party administrator who assists a health plan with claims processing

Patient Safety Organizations and others involved in patient safety activities

Health Information Organizations (e-prescribing gateways or health information exchanges that transmit and maintain PHI) and personal health record vendors that physicians sponsor for their patients

Pharmacy benefits manager

Independent medical transcriptionist

Consultant who provides utilization reviews

Attorney whose legal services to a health plan involve access to PHI

Subcontractors that create, receive, maintain, or transmit PHI on behalf of BAs

Why Choose Us?

  • ANCC Accredited
  • Nationally Recognized Certificate
  • US Board Certified Planners & Presenters
  • Based on Latest Guidelines
  • 30 Day Money Back Guarantee
  • Free Retakes on Exam Until You Pass
  • Instant Access - 100% Online
  • Access 24/7 from Anywhere
  • No Recurring Fees
  • Instant Certificate Printing
  • Unlimited Free Support

Satisfaction Guaranteed!

We offer a 30-day, no questions asked, money back guarantee on all our products!



In the ever-changing, highly technical health care environment of today, it is essential that health care facilities, health care professionals, business associates, and health care industry representatives stay current with government mandates and standards that ensure patient safety and positive outcomes.


All modules are current with compliance mandates and standards of:


HIPAA (Health Insurance Portability and Accountability Act)

OSHA (Occupational Safety & Health Administration)

AORN (Association of Perioperative Registered Nurses)

PhRMA (Pharmaceutical Research & Manufacturers of America)

TJC (The Joint Commission)


HIPAA Exams, Inc. has been a leader in health care training and HIPAA compliance since 2002 and is accredited by ANCC to provide continuing nurse education. All learning modules are web-based and convenient for users to access. The American Nurses Credentialing Center Commission on Accreditation accredits HIPAA Exams, Inc. as a provider of continuing nursing education.

Our medical training and HIPAA compliance courses are offered in Occupational Therapy and Medical programs at academic institutions, including: Seton Hall University, Worcester State University, Florida State University, Tulane University, and Brigham Young. It is the intention of HIPAA Exams to introduce medical students to health care training and compliance as an ongoing practice that they can access throughout their careers. Credentialing in the health care area is becoming more and more essential in the health care workplace to ensure competency and compliance.

HIPAA Exams also provides health care training and HIPAA compliance to registered nurses, health care facilities, private practitioners, health care industry representatives, health care networks, the U.S. Air Force, U.S. Job Corps, and all other health care workers.