HIPAA was enacted in 1996 and requires covered entities (healthcare providers, health plans and healthcare clearinghouses) to protect the privacy and security of individual health information (Protected Health Information, or PHI).
The specific implementation requirements for HIPAA are covered in the:
- HIPAA Security Rule (45 CFR parts 160, 162 and 164)
- HIPAA Privacy Rule (45 CFR parts 160 and 164)
The HITECH Act of 2009 broadens the scope of HIPAA compliance to include business associates of HIPAA covered entities. The HITECH Act introduces new security- and privacy-related requirements along with notification requirements.