The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that establishes standards for protecting electronic health information. HIPAA applies to companies that conduct health-related transactions electronically (such as health care clearinghouses), as well as to any other entity that holds individually identifiable health information.

These are defined as "covered entities", and they are required to implement physical, technical, and administrative safeguards for electronic protected health information (ePHI). These safeguards include measures such as encryption, access controls, and audits, which ensure that ePHI is accessed and used only by authorized individuals and otherwise protect the confidentiality, integrity, and availability of these records.