The information protected under HIPAA law is known as Protected Health Information – a subset of individually identifiable health information that is protected under HIPAA law when it is created, received, maintained, or transmitted by a covered entity. Individually identifiable non-health information is also protected under HIPAA law when it is maintained in the same designated record set as Protected Health Information.
The Healthcare Insurance Portability and Accountability Act (HIPAA) consist of five Titles, each with their own set of HIPAA laws. Four of the five sets of HIPAA compliance laws are straightforward and cover topics such as the portability of healthcare insurance between jobs, the coverage of persons with pre-existing conditions, and tax provisions for medical savings accounts.
However, Title II – the section relating to administrative simplification, preventing healthcare fraud and abuse, and medical liability reform – is far more complicated. It contains subsets of HIPAA laws which sometimes overlap with each other and several of the provisions in Title II have been modified, updated, or impacted by subsequent acts of legislation.
In this paper, we will examine recent cases that the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) determined to have violated HIPAA. Through this, we would like to propose a plan to ensure that personal information protection laws, including the Personal Information Protection Act, are effectively guaranteed in Korea as well.