HIPAA (Facts)
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996.
HIPAA was passed to protect patient health information and ensure privacy.
The HIPAA Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate.
HIPAA applies to all health care providers, health plans, health care clearinghouses, and any other entities that create, store, transmit, or manage patient health information.
HIPAA requires covered entities to have physical, administrative, and technical safeguards in place to protect patient health information.
HIPAA also requires covered entities to provide individuals with access to their own health information and an accounting of disclosures.
HIPAA also requires covered entities to comply with certain administrative requirements, such as developing policies and procedures and training staff.
Covered entities are required to report any breaches of unsecured protected health information (PHI) to the Department of Health and Human Services.
Violations of HIPAA can result in civil and criminal penalties.
HIPAA is enforced by the Department of Health and Human Services’ Office for Civil Rights.