Glossary definition: The Health Insurance Portability and Accountability (HIPAA)

Understanding HIPAA: What It Is & How It Affects You

The Health Insurance Portability and Accountability (HIPAA) is a federal law enacted in 1996 that provides data privacy and security provisions for safeguarding medical information. The law applies to health plans, health care clearinghouses, and those health care providers that conduct certain financial and administrative transactions electronically. The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain financial and administrative transactions electronically. The Privacy Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The HIPAA Security Rule requires covered entities to maintain reasonable and appropriate administrative, physical, and technical safeguards for protecting and securing protected health information. The Security Rule addresses both technical and non-technical safeguards, such as administrative, physical, and technical controls. The HIPAA Enforcement Rule provides the procedures for enforcing the privacy and security provisions of HIPAA. The Enforcement Rule outlines the procedures for investigating and resolving complaints of noncompliance and outlines the penalties for violations of the HIPAA Rules. The HIPAA Breach Notification Rule requires covered entities to provide notification following a breach of unsecured protected health information. The Breach Notification Rule requires covered entities to provide notification to affected individuals, the Secretary of the Department of Health and Human Services (HHS), and, in certain cases, to the media.