ELI5: What is HIPAA?

HIPAA is the law that keeps your doctor visits private. Hospitals and clinics can’t share your health records with strangers — they have to lock that information up tight and only let the right people see it.

Definition

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a US federal law that establishes national standards for protecting Protected Health Information (PHI). HIPAA applies to covered entities (healthcare providers, health plans, healthcare clearinghouses) and their business associates (vendors that handle PHI on their behalf). The HIPAA Security Rule specifically addresses electronic PHI (ePHI) and requires administrative, physical, and technical safeguards.

Key Details

  • Privacy Rule: governs the use and disclosure of PHI; patients have rights to access and correct their records
  • Security Rule: requires administrative (policies, training, access management), physical (facility controls), and technical (encryption, audit logs) safeguards for ePHI
  • Breach Notification Rule: requires notification within 60 days of discovery; large breaches (500 or more affected individuals) also require media notification
  • Business Associate Agreements (BAAs): required when sharing PHI with vendors; vendors must meet HIPAA requirements
  • Penalties range from $50,000 per violation up to $1.9M annually per violation category

Connections