ISpectra Technologies
Healthcare · US Regulation

What is HIPAA?

The US law that sets national standards for protecting patient health information held by healthcare providers, plans and their business associates.

Definition

HIPAA (the Health Insurance Portability and Accountability Act) is a US federal law that sets national standards for protecting Protected Health Information (PHI). Its rules apply to “covered entities” — healthcare providers, health plans and clearinghouses — and to the “business associates” that handle PHI on their behalf.

HIPAA is enforced by the HHS Office for Civil Rights and is built around several rules — most importantly the Privacy Rule, the Security Rule and the Breach Notification Rule.

HIPAA's core rules

1

Privacy Rule

Governs how PHI may be used and disclosed.

2

Security Rule

Administrative, physical and technical safeguards for ePHI.

3

Breach Notification Rule

Notify individuals and HHS after a breach.

4

Business Associate Agreements

Contracts binding vendors to HIPAA.

5

Risk analysis

A required, ongoing assessment of risks to ePHI.

Who needs to comply?

US healthcare providers, health plans and clearinghouses — plus any business associate (SaaS vendors, billing firms, cloud hosts and more) that creates, receives, maintains or transmits PHI.

How ISpectra helps

ISpectra delivers full HIPAA readiness — risk analysis, Security Rule safeguards, policies, BAA management and workforce training — so covered entities and business associates can demonstrate compliance and pass client due diligence.

Talk to an advisor