Health Insurance Portability & Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law enacted in 1996 to protect the privacy and security of individuals’ medical information. It applies to healthcare providers, insurers, and their business associates who handle protected health information (PHI).

About Health Insurance Portability & Accountability Act (HIPAA)

What are the 3 rules of HIPAA?

HIPAA is built around three core rules. The Privacy Rule sets standards for how PHI is collected, used, and disclosed. The Security Rule outlines safeguards—administrative, physical, and technical—that organizations must implement to protect electronic PHI (ePHI). The Breach Notification Rule requires covered entities to notify individuals, the Department of Health and Human Services (HHS), and sometimes the media, in the event of a data breach involving unsecured PHI.

What are examples of HIPAA violations?

HIPAA violations include scenarios like discussing patient information publicly, leaving patient files unprotected, losing an unencrypted device containing PHI, or failing to enter into a business associate agreement with vendors handling PHI. Even accidental disclosures, like emailing the wrong patient’s records, can trigger a violation and substantial penalties.

What is the main purpose of the HIPAA law?

HIPAA aims to protect sensitive patient information while allowing the flow of health data necessary for high-quality care. It gives patients greater control over their medical data and imposes strict standards on organizations to safeguard this information from misuse, unauthorized access, and breaches.

Secure verifications for every industry

We provide templated identity verification workflows for common industries and can further design tailored workflows for your specific business.