[Image: the HIPAA acronym broken down into its parts (Health Insurance Portability and Accountability Act)]

What is HIPAA?

Fortress Concepts

HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.

It is a United States federal law that focuses on two things:

#1 Protect people’s health information

#2 Make it easier for people to keep health insurance coverage when they change or lose jobs (this is the “Portability” part, though these days people mostly think of HIPAA in terms of privacy and security).

For businesses like healthcare providers, insurance companies, and their vendors — HIPAA primarily means strict rules on how patient data is stored, shared, accessed, and protected.

HIPAA is often associated with several specific "rules" that define its requirements for protecting health information and ensuring compliance. These rules include:

Privacy Rule

The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other individually identifiable health information, known as protected health information (PHI). It governs how PHI may be used and disclosed by covered entities and their business associates, and it grants individuals rights such as access to their own health information, the ability to request amendments to it, and an accounting of certain disclosures.

Security Rule

The Security Rule focuses on safeguarding electronic protected health information (ePHI). It requires covered entities and business associates to implement administrative, physical, and technical safeguards that ensure the confidentiality, integrity, and availability of ePHI, and to base those safeguards on a documented risk analysis of their own environment.

Breach Notification Rule

Introduced via the HITECH Act, this rule requires covered entities and business associates to notify affected individuals, the Department of Health and Human Services (HHS), and in some cases the media following a breach of unsecured PHI. Individual notices must be sent without unreasonable delay and no later than 60 calendar days after discovery of the breach; media notice is required when a breach affects more than 500 residents of a state or jurisdiction.

Enforcement Rule

The Enforcement Rule outlines the procedures HHS (through its Office for Civil Rights) follows when investigating suspected HIPAA violations and imposes penalties for noncompliance. Civil money penalties are tiered according to the level of culpability, from violations the entity did not know about and could not reasonably have known about, up to willful neglect that is not corrected.

Omnibus Rule

The Omnibus Rule, finalized in 2013, updated the HIPAA regulations to incorporate provisions of the HITECH Act. It strengthened privacy protections, made business associates (and their subcontractors) directly liable for compliance with applicable Privacy and Security Rule requirements, and tightened the rules on using PHI for marketing and on selling PHI.

Ultimately, if you are a covered entity or a business associate handling patient health information, you must comply with HIPAA. To learn more about HIPAA requirements and stay up to date, join the Fortress Concepts Newsletter here.