The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law that was passed to make it easier for people to keep their health insurance when they change jobs. The law also established rules for the electronic interchange of patient information, known as Protected Health Information (PHI). To execute that portion of the law, the U.S. Department of Health and Human Services established the Privacy Rule, and its Office of Civil Rights is in charge of implementing it.
HIPAA compliance requires covered entities to keep protected health information private. A covered entity's protected health information is health information that it creates, receives, transmits, and maintains. This includes information relating directly or indirectly to the person's past, present, or future physical or mental health, services provided to the person, and health care expenses and payments.