An act created by the U.S. Congress in 1996 that amends both the Employee Retirement Income Security Act (ERISA) and the Public Health Service Act (PHSA) in an effort to protect individuals covered by health insurance and to set standards for the storage and privacy of personal medical data.
HIPAA ensures that individual health care plans are accessible, portable, and renewable, and it sets the standards and the methods for how medical data is shared across the U.S. health system in order to prevent fraud. It pre-empts state law unless the state's regulations are more stringent.
This act has been modified since 1996 to include processes for safely storing and sharing patient medical information electronically. The act also has an administrative simplification provision, which is aimed at increasing efficiency and reducing administrative costs by establishing national standards.
Health insurers, health maintenance organizations (HMOs), healthcare billing services and other entities that handle sensitive personal medical information must comply with the standards set by HIPAA. Noncompliance may result in civil or criminal penalties.