
Health Insurance Portability and Accountability Act (HIPAA)


The Health Insurance Portability and Accountability Act (HIPAA) is U.S. federal legislation enacted in 1996 that establishes privacy and security requirements for safeguarding medical information. It also allows individuals to carry their health insurance coverage from one job to another. In addition, it sets standards for electronic health data transactions and requires healthcare organizations to protect the confidentiality, integrity and availability of health data they hold or transmit electronically.


Health Insurance Portability and Accountability Act (HIPAA) is pronounced /ˈhɪpə/ ("hip-uh").

Key Takeaways

  1. HIPAA protects patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers. It provides patients with access to their medical records and with significant control over how their personal health information is used and disclosed.
  2. HIPAA provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs, hence the ‘Portability’ in the title.
  3. HIPAA’s Privacy Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. It also gives patients rights over their health information, including rights to examine and obtain a copy of their health records.


The Health Insurance Portability and Accountability Act (HIPAA) is critically important because it sets the standard for the protection of sensitive patient data in the United States. By establishing mandatory regulations for healthcare providers, health plans, and the business associates that handle data on their behalf, HIPAA ensures that individuals’ health information is securely stored and confidentially handled. It provides patients with rights over their health information and restricts who may access this data, preventing unauthorized disclosure. HIPAA also contains provisions that let employees keep their health insurance when changing or losing their jobs, promoting continuity of coverage. Noncompliance or a breach can lead to severe penalties, which reinforces the importance of strict patient-privacy controls in the healthcare and related sectors.


The primary purpose of the Health Insurance Portability and Accountability Act (HIPAA) is to protect individuals’ medical records and other personal health information. Created in 1996 by the US Congress, this legislation aims to ensure privacy and security of medical information, while setting standards for electronic data exchange. It’s a tool that works towards reinforcing the ability of patients to control how their personal health information is utilized and disclosed, and ensures that the obligation of safeguarding this information lies with the healthcare providers, health plans, or other related entities.

In terms of application, HIPAA is used to impose a set of national standards for healthcare providers to adhere to, such as protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge. It includes provisions that minimize health insurance coverage discrimination and ensure coverage continuity when employees change or lose their jobs. Importantly, non-adherence or violation of HIPAA regulations can result in both civil and criminal penalties, reinforcing its role in regulating the health insurance sector and ensuring patient confidentiality.


Example 1: A Doctor’s Office

In a doctor’s office, all patient records are stored in a secure digital system that is accessible only to authorized personnel, as HIPAA requires. The system ensures that a patient’s personal and healthcare information is not accessed or shared outside the permitted purposes of treatment, payment and healthcare operations without the patient’s written authorization. For instance, the doctor cannot share the patient’s information with a pharmaceutical company for marketing purposes without the patient’s explicit permission.

Example 2: A Health Insurance Provider

A health insurance provider must adhere to HIPAA in order to safeguard the data of its policyholders. For example, if a policyholder has recovered from a severe illness and switches to another insurance company, the previous insurer cannot disclose the person’s health information to the new insurer for a purpose HIPAA does not permit without the insured party’s written authorization.

Example 3: A Hospital

In a hospital, employees have access to patient data only when it is necessary for their job functions, which is HIPAA’s “minimum necessary” standard in practice. A doctor or nurse treating a patient would have access to that patient’s medical history, while administrative staff who handle billing or appointments would see only the demographic and insurance details their task requires, not the clinical record. Even room-assignment staff, who need to place patients in the appropriate wards, would only see the information pertinent to that function. In addition, physical records containing patient information are stored in secure locations and are destroyed so that they cannot be retrieved.
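The hospital example describes two controls a security engineer would actually build: a role-based “minimum necessary” filter over the patient record, and a log of every access so the organization can later produce an accounting of disclosures. The following is an added illustration written for this page, not code from any real EHR product; the patient record, the roles, the field policy and the “treating” flag are all constructed assumptions.

```python
"""Minimum-necessary access to a patient record, with an access log.

Added example for this page (not from any real EHR system). The record,
roles and per-role field policy are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample record for a fictional patient.
PATIENT_RECORD = {
    "mrn": "MRN-000123",
    "name": "Jane Doe",
    "dob": "1980-04-02",
    "ward": "Cardiology",
    "diagnoses": ["I10 hypertension"],
    "medications": ["lisinopril 10 mg"],
    "lab_results": {"LDL": 160},
    "insurance_id": "INS-98765",
    "billing_codes": ["99213"],
}

# Assumed policy: the fields each role needs for its job function.
ROLE_FIELDS = {
    "physician": {"mrn", "name", "dob", "ward", "diagnoses",
                  "medications", "lab_results"},
    "nurse": {"mrn", "name", "dob", "ward", "diagnoses", "medications"},
    "billing": {"mrn", "name", "dob", "insurance_id", "billing_codes"},
    "bed_management": {"mrn", "name", "ward"},
}

# Clinical roles may only see a record when they are on the care team.
TREATMENT_ROLES = {"physician", "nurse"}


@dataclass(frozen=True)
class AccessEvent:
    when: str
    user: str
    role: str
    mrn: str
    purpose: str
    fields: tuple      # fields actually released (empty when denied)
    granted: bool


ACCESS_LOG: list[AccessEvent] = []


def access_record(record, user, role, purpose, treating=False):
    """Return only the fields `role` is permitted to see, or raise.

    Every attempt, granted or denied, is appended to ACCESS_LOG so that an
    accounting of disclosures can be produced for the patient later.
    """
    allowed = ROLE_FIELDS.get(role)
    granted = allowed is not None and (role not in TREATMENT_ROLES or treating)
    view = {k: v for k, v in record.items() if granted and k in allowed}
    ACCESS_LOG.append(AccessEvent(
        when=datetime.now(timezone.utc).isoformat(),
        user=user, role=role, mrn=record["mrn"], purpose=purpose,
        fields=tuple(sorted(view)), granted=granted,
    ))
    if not granted:
        raise PermissionError(f"{role} {user!r} denied access to {record['mrn']}")
    return view


def accounting_of_disclosures(mrn):
    """All logged access attempts for one patient, granted or denied."""
    return [e for e in ACCESS_LOG if e.mrn == mrn]


if __name__ == "__main__":
    print(access_record(PATIENT_RECORD, "dr_smith", "physician", "treatment", treating=True))
    print(access_record(PATIENT_RECORD, "clerk_01", "billing", "payment"))
    try:
        access_record(PATIENT_RECORD, "nurse_x", "nurse", "curiosity")
    except PermissionError as e:
        print("denied:", e)
    for event in accounting_of_disclosures("MRN-000123"):
        print(event)
```

The denied attempt is deliberately logged as well: a nurse who is not on the care team opening a record is exactly the event a privacy officer wants to see when investigating snooping, and the log doubles as the data source for the accounting of disclosures that HIPAA lets patients request.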

Frequently Asked Questions (FAQ)

What is the Health Insurance Portability and Accountability Act (HIPAA)?

HIPAA is a federal law enacted in 1996 by the United States Congress. Its primary goals are to make it easier for people to keep health insurance coverage, to protect the confidentiality and security of healthcare information, and to help the healthcare industry control administrative costs.

Who is required to comply with HIPAA?

HIPAA regulations apply to two groups, known as covered entities and business associates. Covered entities are health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically in connection with a HIPAA standard transaction (for example, claims or eligibility checks). Business associates are people or organizations that create, receive, maintain or transmit protected health information on behalf of a covered entity, and they must be bound by a business associate agreement.

What rights does HIPAA provide to individuals concerning their health information?

HIPAA grants individuals several rights with respect to their health information, including the right to access their health information, to request a correction or amendment of health data, to obtain an accounting of disclosures of their health data, to request restrictions on certain uses and disclosures, and to receive confidential communications of their health information.

What type of information is protected under HIPAA?

HIPAA protects all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form (electronic, paper or oral). This includes demographic data, medical histories, test results, insurance information, and other information related to a person’s health or healthcare.

What are the penalties for HIPAA violations?

Civil penalties are tiered by the level of culpability, from lack of knowledge up to willful neglect that is not corrected, and range from $100 to $50,000 per violation, with a cap of $1.5 million per calendar year for violations of an identical provision (the statutory figures are adjusted for inflation each year). Knowing misuse of protected health information can also be prosecuted criminally, with fines and imprisonment.

How can a business ensure HIPAA Compliance?

To ensure HIPAA compliance, an organization should perform a documented risk analysis and regular audits, train its workforce, designate a privacy officer and a security officer, use secure systems for storing and transmitting data (access controls, audit logs, encryption), maintain contingency plans for outages and data loss, sign business associate agreements with vendors that handle protected health information, and establish a process for investigating and reporting breaches.

How does HIPAA relate to electronic health records (EHRs)?

HIPAA has rules that govern the use, access, and sharing of patient information stored in EHRs. They protect patient privacy by stipulating who can access EHRs, what information can be shared, and under what conditions it can be shared. Compliance with HIPAA is crucial when using EHRs.

Does HIPAA apply to health information shared on social media?

Yes. Healthcare providers and their business associates should remember that posting protected health information on social media without the patient’s written authorization is a HIPAA violation, even when the patient is not named, if the details could identify them.

Related Finance Terms

  • Protected Health Information (PHI)
  • Business Associate Agreement (BAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Electronic Protected Health Information (ePHI)
  • Minimum Necessary Rule
