HIPAA: Health Insurance Portability Accountability Act

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is the federal law governing how an individual’s protected health information must be safeguarded, including national privacy standards to protect individuals’ medical records and other personal health information. HIPAA mandates how organizations must maintain reasonable and appropriate administrative, technical and physical safeguards for protecting electronic health information.

Fairfax County's HIPAA Compliance Program 

Fairfax County understands your health privacy is important. We are committed to implementing the provisions under HIPAA and have a HIPAA Compliance Program in place.  
The Program ensures the County complies with HIPAA, as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.  This includes all applicable requirements of the HIPAA Security and Privacy Rules and all amendments to such rules contained in the HITECH Act and any accompanying regulations, and any other subsequently adopted amendments or regulations.

More About Fairfax County and HIPAA

The County classifies itself as a "hybrid entity’” a term that is defined in the Code of Federal Regulations, Section 164.103. The County is a covered entity whose business activities include both covered and non-covered functions.

Those components of the County performing covered functions or activities and those components performing functions or activities that would make them a business associate of a component that performs covered functions if the two components were separate legal entities shall be designated health care components and are required to implement the provisions of this procedural memorandum.

The assignment of agencies and programs within the Fairfax County HIPAA Hybrid Entity is subject to change based upon changes to regulation or to internal business processes.

HIPAA regulations directly cover 3 basic groups of individual or entities:

Fairfax County Government's Health Plan is a separate legal entity and a covered entity under HIPAA. Many of the implementation provisions of HIPAA do not apply to Fairfax County's fully insured components of the Health Plan; however, all provisions of HIPAA apply to the self-insured component of the Health Plan. 

Fairfax County Government employees may participate in the many benefit plans offered by the County, such as health insurance, long term care insurance, the employee assistance program, and flexible spending programs. Fairfax County Government retirees are eligible to continue their health, dental, life, and long-term care insurance. HIPAA applies to these benefit plans; therefore the County benefit plans will be HIPAA compliant.

Employees who request assistance from the Department of Human Resources with respect to benefit claims or issues may be asked to sign a waiver, authorizing County benefit staff to discuss their benefit issues with a plan provider. Waivers are available from each individual health plan. 


Fairfax County Government provides care and services related to the physical or mental health of our residents. Fairfax County also provides numerous non-health care related services to our residents. Fairfax County has chosen to restrict the application of the HIPAA Privacy Rule to those parts of the County enterprise that are performing covered health care transactions.

A covered health care transaction is an electronic billing function related to payment or authorization for health care services. The application of the HIPAA Privacy Rule to certain components of the County is permissible within the definition of a hybrid entity. 

Fairfax County's hybrid entity currently consists of the Fire and Rescue Department (FRD), the Health Department (HD), Neighborhood and Community Services - Adult Day Health Care, Sheriff's Office - Medical Branch and the Fairfax-Falls Church Community Services Board (CSB).

Agencies providing human services support to clients of the HD and the CSB will be designated within the hybrid entity as appropriate policies and procedures are adopted. In addition, as agencies seek to automate business processes related to health care billing and electronic transactions, then they will be designated within the Fairfax County Government's HIPAA hybrid entity. 

Agencies providing other health care services to employees, students, inmates or residents will continue to apply the appropriate confidentiality provisions mandated by licensure standards, ethical codes, county personnel policies, and other federal and state laws. 

Fairfax County Government does not consist of any health care clearinghouse functions. 

Fairfax Virtual Assistant