HIPAA (Health Insurance Portability and Accountability Act)
HIPAA is U.S. legislation establishing data privacy and security requirements for protecting health information.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is U.S. federal legislation that establishes national standards for protecting sensitive protected health information (PHI) from disclosure without the patient's consent or knowledge.
HIPAA Rules
- Privacy Rule: Establishes standards for PHI use and disclosure
- Security Rule: Defines technical and physical safeguards for ePHI
- Breach Notification Rule: Sets requirements for breach reporting
- Enforcement Rule: Outlines penalties and investigation procedures
Who Must Comply
Covered entities include healthcare providers, health plans, and healthcare clearinghouses. Business associates handling PHI on behalf of covered entities must also comply.
Common Misconceptions
- "HIPAA only applies to doctors" - It also covers health insurers, clearinghouses, and the business associates that handle PHI for them
- "Encryption is required" - Encryption is an addressable specification under the Security Rule, not a required one (but strongly recommended); addressable means an entity must implement it or document why it is not reasonable and put an equivalent safeguard in place, not that it can simply be skipped
- "Any health data is PHI" - Health data is PHI only when it is individually identifiable and held by a covered entity or its business associate