What is the Health Insurance Portability and Accountability Act of 1996 (HIPAA)?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a U.S. law enacted in 1996 to regulate the privacy and security of personal health information by creating national standards for electronic healthcare transactions. A key provision is the basic rule that patients must opt in before their information is shared with other organizations. Information can be shared, however, for healthcare operations, treatment and payment.
HIPAA can be enforced either by the U.S. Department of Health and Human Services or by the FTC, under its authority regarding unfair and deceptive practices, for data breaches related to medical records. On criminal matters, HIPAA is enforced by the Department of Justice (DOJ).
The HIPAA medical privacy rule does not preempt state law. States may pass laws with stricter requirements.
HIPAA imposes specific training requirements for all employees of covered entities.