The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by Congress to protect sensitive patient data. The act contains a “Privacy Rule” and a “Security Rule,” which protect the privacy of patients and set standards for the security of electronic protected health information (e-PHI). Together, these rules establish national standards for how companies should handle sensitive patient data and ensure its confidentiality, availability, and integrity. HIPAA threw a curve ball at the healthcare industry, with mandatory requirements that sent providers scrambling to ensure compliance under HIPAA’s rules and regulations.
Moreover, the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, brought a dramatic update to the HIPAA Security Rule: it more clearly defined the guidelines for proper handling of health information, expanded the liabilities of companies subject to oversight, increased fines for non-compliance, enabled more stringent enforcement, and incentivized healthcare companies to digitize health records.