The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law passed by Congress in 1996. It provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs. It also helps to reduce health care fraud and abuse, and it mandates industry-wide standards for health care information on electronic billing and other processes. HIPAA requires health care providers and their associates to protect protected health information and handle it confidentially whenever this information is transferred, received, handled, or stored. Additionally, it mandates that only the minimum health information about an individual needed to conduct business should be used or shared.

Would you like to learn how your organization can better comply with HIPAA and protect patient health information? Take a look at our blog post, "IT Risk Management in Healthcare: Stop Using Spreadsheets for GRC."