Aadit Technologies

HIPAA Compliance

Health Insurance Portability and Accountability Act

HIPAA (the Health Insurance Portability and Accountability Act) is a United States federal law that sets national standards for protecting sensitive patient health information. It requires covered entities (health plans, healthcare clearinghouses, and healthcare providers) and their business associates to safeguard protected health information (PHI) through administrative, physical, and technical safeguards, and to notify affected individuals and regulators when a breach of unsecured PHI occurs.

HIPAA's requirements are implemented through several rules, enforced by the U.S. Department of Health and Human Services Office for Civil Rights. The Privacy Rule governs how PHI may be used and disclosed; the Security Rule sets administrative, physical, and technical safeguards for electronic PHI (ePHI); and the Breach Notification Rule dictates how and when breaches of unsecured PHI must be reported to affected individuals, regulators, and in some cases the media.

Compliance applies not only to covered entities such as hospitals, clinics, and insurers, but also to business associates: vendors and service providers that create, receive, maintain, or transmit PHI on their behalf. Violations can carry substantial civil money penalties and, in cases of knowing misuse of PHI, criminal penalties.