HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is an act of the US Congress that oversees the privacy and security of protected health information (PHI).
Examples of PHI include an individual’s health status, insurance provider, medical results, payment method, or any other information that can be used as a personal identifier.
By creating rules focused on privacy, security, and breach notification, HIPAA aims to give individuals rights over their health information.
Examples of Protected Health Information (PHI):
Medical records
Laboratory results
Health plan and insurance records
Appointment history
Prescriptions
Hospital admission records
All organizations in the US that qualify as a covered entity, or as a business associate of a covered entity, are expected to be HIPAA compliant. Covered entities include:
Health plans: Includes health insurance companies, company health plans, etc.
Healthcare clearinghouses: Any entity that processes nonstandard health information received from another entity into a standard format
Healthcare providers: Includes doctors, dentists, clinics, pharmacies, etc.
While HIPAA has no certification body or official certifications, it is enforced by the US Department of Health and Human Services’ Office for Civil Rights (OCR).
Organizations that fail to carry out the required periodic technical and nontechnical evaluations, or that are found to be in violation of HIPAA, will incur penalties and lose public trust.