What is HIPAA?
The US law that sets national standards for protecting patient health information held by healthcare providers, plans and their business associates.
Definition
HIPAA (the Health Insurance Portability and Accountability Act) is a US federal law that sets national standards for protecting Protected Health Information (PHI). Its rules apply to “covered entities” — healthcare providers, health plans and clearinghouses — and to the “business associates” that handle PHI on their behalf.
HIPAA is enforced by the HHS Office for Civil Rights and is built around several rules — most importantly the Privacy Rule, the Security Rule and the Breach Notification Rule.
HIPAA's core rules
Privacy Rule
Governs how PHI may be used and disclosed.
Security Rule
Administrative, physical and technical safeguards for ePHI.
Breach Notification Rule
Notify individuals and HHS after a breach.
Business Associate Agreements
Contracts binding vendors to HIPAA.
Risk analysis
A required, ongoing assessment of risks to ePHI.
Who needs to comply?
US healthcare providers, health plans and clearinghouses — plus any business associate (SaaS vendors, billing firms, cloud hosts and more) that creates, receives, maintains or transmits PHI.
How ISpectra helps
ISpectra delivers full HIPAA readiness — risk analysis, Security Rule safeguards, policies, BAA management and workforce training — so covered entities and business associates can demonstrate compliance and pass client due diligence.
Talk to an advisor