The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was created to protect the confidentiality and privacy of all forms of health information. Organizations that handle, process, transfer, receive or store any patient's health information must adhere to HIPAA compliance requirements.
The Department of Health and Human Services (HHS) requires both technical safeguards and physical safeguards for protected health information in order for an organization to be HIPAA compliant. To help organizations understand these requirements, HHS published two rules: the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule protects the confidentiality of all forms of Protected Health Information (PHI). The Security Rule covers electronic PHI (e-PHI) and sets out the compliance requirements for the technical processes and other technical components used to safeguard this data.
According to the HHS website, entities protecting e-PHI must: