What is HIPAA?

HIPAA is a security rule that aims to guarantee the confidentiality, integrity, and availability of patient information maintained on computers or computer-related media and any patient information transmitted via an internal or external computer network. It requires covered entities to do more than limit unauthorized access to patient information. It also requires covered entities to execute, or at least address the reasonableness of executing, policies and procedures that ensure the accessibility and integrity of electronic protected health information.

To comply, a covered entity must implement security measures to limit unauthorized access. It must also prevent unauthorized modifications of electronic protected health information, be able to access electronic health information in the event of an emergency or natural disaster, protect health information against any reasonably anticipated threat or hazard to its security or integrity and against any reasonably anticipated use or disclosure of the information that would violate privacy guidelines, and ensure that members of the covered entity's workforce comply with regulations. HIPAA employs both a Security Rule and a Privacy Rule to facilitate the protection of health information.