HIPAA, which stands for the Health Insurance Portability and Accountability Act, is an American law that governs the way medical offices and the health insurance industry handle confidential and sensitive patient information. HIPAA compliance refers to the steps that a medical or insurance business, including its employees, subcontractors and business associates, must take to ensure the security of this confidential information, notes OnLineTech.com. The information in question is referred to as PHI, or protected health information, and HIPAA requires that this protected health information remains inaccessible to the general public and is only available for viewing by parties with sufficient permission.
Any organization that deals with PHI is responsible for keeping this information secure from outside parties, including people from outside of the organization and people within the organization who do not have permission to view PHI. Organizations are individually responsible for ensuring that their technology is HIPAA compliant; a lack of compliance could lead to civil lawsuits and criminal penalties, according to TrueVault.com.
Many companies make HIPAA compliance software and provide other data security products that can help medical businesses and associated organizations keep PHI protected. Organizations can also introduce HIPAA compliance procedures, which may include reducing the number of people who deal directly with confidential patient information.