The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that mandated the development of national standards to prevent the disclosure of sensitive patient health information without the patient’s knowledge or consent.
To put HIPAA’s obligations into practice, the US Department of Health and Human Services (HHS) established the HIPAA Privacy Rule. A portion of the data covered by the Privacy Rule is protected under the HIPAA Security Rule.
HIPAA Privacy Rule
The Privacy Rule’s principles cover how organisations covered by the rule should use and disclose people’s protected health information (also known as PHI). The term “covered entities” refers to these people and businesses.
The Privacy Rule also establishes guidelines for people’s rights to know and control how their health information is used.
A key objective of the Privacy Rule is to guarantee that people’s health information is appropriately safeguarded while permitting the flow of health information required to deliver and promote high-quality healthcare, as well as to safeguard the health and wellbeing of the general public.
The Privacy Rule authorises significant uses of information while safeguarding the privacy of those seeking medical treatment and recovery.
HIPAA Security Rule

While the HIPAA Privacy Rule protects PHI, the Security Rule shields a portion of the data that falls under the Privacy Rule’s purview.
This subset consists of all electronic individually identifiable health information that a covered entity generates, acquires, maintains, or transmits. This data is known as electronic protected health information, or e-PHI. PHI that is transmitted verbally or in writing is not covered by the Security Rule.
All covered entities must do the following in order to abide by the HIPAA Security Rule:
Ensure the availability, confidentiality, and integrity of all e-PHI.
Identify and protect against any threats to the information’s security.
Defend against foreseeable improper uses or disclosures that the rule does not permit.
Verify the workforce’s compliance.
When evaluating requests for permissible uses and disclosures, covered entities should rely on professional ethics and their best judgement. HIPAA regulations are enforced by the HHS Office for Civil Rights, and any complaints should be directed there. Penalties for HIPAA infractions can be either financial or legal.