The Health Insurance Portability and Accountability Act (HIPAA) defines rules for the security and privacy of healthcare information, called Protected/Personal Health Information (PHI). The US Department of Health & Human Services (HHS) is responsible for enforcement. You may be subject to HIPAA if you are a:

  • Covered Entity: a business that generates or processes PHI
  • Business Associate: a business supporting a Covered Entity