HIPAA is the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA data is the information that would be covered under this act.

Under this act, Protected Health Information (PHI) and its electronic form (ePHI) may only be viewed by healthcare professionals, authorized individuals, and of course, the person the information belongs to.

Data that falls under HIPAA

  • Physical and mental health information from any time period
    • Conversations, diagnosis, treatment, etc.
  • Provision of healthcare
    • Information on doctors, nurses and other healthcare providers
  • Payments for the provision of healthcare from any time period that identify the individual or are reasonably believed to identify an individual
    • Billing and insurance information
    • Some identifiers (PII) include name, address, birth date, and Social Security number

Background Information

HIPAA was enacted to provide the ability to transfer and continue health insurance coverage in the event of an employment change. Along with the portability of coverage came industry-wide standards for health care information, including the protection of health information (HIPAA data). The protection of health information is intended to reduce health care fraud and other abuse.

The Office for Civil Rights (OCR) enforces the privacy and security rules of HIPAA. The main goal of OCR is to educate communities about civil rights, health information privacy, and patient safety confidentiality laws [1]. But don’t get too relaxed because the OCR is able to levy hefty fines on non-compliant entities.

What resources do you use to become HIPAA compliant?

[1] About OCR on HHS.gov (U.S. Department of Health & Human Services)
Health Information Privacy on HHS.gov
HIPAA Enforcement on HHS.gov
