HIPAA (Health Insurance Portability and Accountability Act)
US federal law that establishes standards for protecting sensitive patient health information, known as protected health information (PHI).
HIPAA is a US federal law enacted in 1996 that creates national standards for the protection of health information. It consists of five rules: the Privacy Rule (governing use and disclosure of PHI), the Security Rule (requiring safeguards for electronic PHI), the Breach Notification Rule (requiring notification of breaches), the Enforcement Rule (establishing penalties), and the Omnibus Rule (extending requirements to business associates). HIPAA applies to covered entities (healthcare providers, health plans, clearinghouses) and business associates (any organization handling PHI on behalf of a covered entity). Violations can result in fines from $100 to $50,000 per violation, up to $1.5 million per year, plus criminal penalties including imprisonment.