In the U.S., the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge under the responsibility of the Secretary of the Department of Health and Human Services (HHS).

It comprises multiple related facets, including the HIPAA Security Rule, the main goal of which is protecting the privacy of individuals’ health information, while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. The Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009, expanded the responsibilities of business associates to access or use such health information under the HIPAA Security Rule.

According to the HHS, the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions implemented and enforced by the Federal Trade Commission, apply to vendors of personal health records and their third party service providers, pursuant to section 13407 of the HITECH Act.

This is a summary of key elements of the Security Rule including who is covered, what information is protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information. As an overview of the Security Rule, it does not address every detail of each provision.

PANACEA Research perspectives: PANACEA is investigating EU and international regulations and policy contexts related to security and privacy aspects of healthcare delivery. Understanding the various rules and regulations in such contexts is important in defining the PANACEA market perimeter and the overall advances of its research and innovations in the context of the European Horizon 2020 programme. 

Lookout Watch entry date: May 2019

Watch Type: