The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law that was enacted in 1996 to improve the portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, and to promote the use of medical savings accounts. The law includes provisions to protect the privacy and security of health information, known as protected health information (PHI). The privacy regulations under HIPAA establish national standards for safeguarding the confidentiality, security, and integrity of PHI when it is transmitted or maintained in any form or medium. The security regulations under HIPAA establish standards for the physical, administrative, and technical safeguards that protect the confidentiality, integrity, and availability of electronic PHI.
HIPAA requires covered entities, such as healthcare providers, health plans, and healthcare clearinghouses, to implement reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI. Covered entities must also enter into contracts with their business associates to ensure that the business associates will safeguard electronic PHI in accordance with HIPAA requirements. HIPAA also provides individuals with certain rights with respect to their PHI, such as the right to access and receive a copy of their PHI, the right to request that their PHI be amended, and the right to file a complaint if they believe their privacy rights have been violated.