HIPAA
What is HIPAA?
HIPAAThe U.S. Health Insurance Portability and Accountability Act, which sets national standards for protecting individually identifiable health information.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), implemented through the Privacy, Security, and Breach Notification Rules, sets U.S. national standards for protecting Protected Health Information (PHI). It applies to covered entities — health plans, healthcare providers conducting electronic transactions, and healthcare clearinghouses — and to their business associates handling PHI on their behalf. The Security Rule mandates administrative, physical, and technical safeguards (such as access controls, audit logs, transmission security, and risk analysis). The HHS Office for Civil Rights (OCR) enforces HIPAA and can impose civil and, for willful violations, criminal penalties.
● Examples
- 01
A hospital encrypting PHI at rest and in transit to satisfy the Security Rule.
- 02
A SaaS vendor signing a Business Associate Agreement with a healthcare provider.
● Frequently asked questions
What is HIPAA?
The U.S. Health Insurance Portability and Accountability Act, which sets national standards for protecting individually identifiable health information. It belongs to the Compliance & Frameworks category of cybersecurity.
What does HIPAA mean?
The U.S. Health Insurance Portability and Accountability Act, which sets national standards for protecting individually identifiable health information.
How do you defend against HIPAA?
Defences for HIPAA typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for HIPAA?
Common alternative names include: Health Insurance Portability and Accountability Act.