Thank you for your question.
The Health Insurance Portability and Accountability Act of 1996
(HIPAA) was signed into effect by President Clinton to protect health
insurance coverage for workers and their families when they change or
lose their jobs (Portability) and to protect health data integrity,
confidentiality, and availability (Accountability). It consists of
five sections, or Titles, and places various legal requirements on the
health care industry, covering access, portability, and renewal (Title
I); preventing healthcare fraud and abuse, and promoting
administrative simplification (Title II); medical savings accounts/tax
deductions for the self-employed (Title III); enforcement of group
health plan provisions (Title IV); and revenue offset provisions
Blood banks/centers are covered entities, as defined in 45 CFR
Subtitle A, Subchapter C, under HIPAA as they would be considered an
organization who routinely handles Protected Health Information (PHI).
PHI is "any information, whether oral or recorded in any form or
"[i]s created or received by a health care provider, health plan,
public health authority, employer, life insurer, school or university,
or health care clearinghouse"; and
"[r]elates to the past, present, or future physical or mental health
or condition of an individual; the provision of health care to an
individual; or the past, present, or future payment for the provision
of health care to an individual"
The full Final Rule for Privacy can be found at
You can find more information on compliance requirements and HIPAA in
Thank you again for your question and if you need any additional
clarification, please let me know.
HIPAA Blood Bank
HIPAA Compliance Group
United States Department of Health and Human Services Office for Civil
Rights - HIPAA
American Association of Blood Banks