The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is legislation designed to make it easier for American workers to keep health insurance coverage when they change or lose their jobs. The legislation also seeks to improve the efficiency and quality of the US healthcare system by standardizing the electronic exchange of health information, which in turn encourages the adoption of electronic medical records.
In addition to increasing the use of electronic health records, HIPAA includes provisions to ensure the security and privacy of protected health information (PHI). PHI covers a wide variety of personally identifiable health and health-related data, ranging from insurance and billing information to diagnostic, clinical care, and laboratory data such as images and test results. HIPAA rules apply to covered entities, including hospitals, medical providers, company-sponsored health plans, research facilities, and insurance companies that interact directly with patients and their data. The HIPAA requirement to protect PHI also extends to business associates, the vendors and contractors that create, receive, maintain, or transmit PHI on a covered entity's behalf.
The Health Information Technology for Economic and Clinical Health Act (HITECH) expanded the HIPAA rules in 2009. Together, HIPAA and HITECH establish a set of federal standards, principally the Privacy Rule and the Security Rule, created to ensure the security and privacy of protected health information. These provisions are included in what is known as the "administrative simplification" rules. HIPAA and HITECH impose requirements related to the use and disclosure of protected health information, the appropriate methods to protect it, individual rights, and administrative responsibilities; HITECH also added breach notification requirements and made business associates directly liable for compliance.