HIPAA is the Health Insurance Portability and Accountability Act of 1996. It was put in place to protect the confidentiality of personal health information and provide security for that information in electronic form, explains the U.S. Department of Health & Human Services.
The Privacy Rule of the HIPPA law protects all "individually identifiable health information" held by a covered entity, according to the U.S. Department of Health & Human Services. This information is called protected health information or PHI. Health information that is de-identified, which means it does not provide a reasonable basis for identifying a person, is not covered by the HIPPA law.
The Security Rule of the HIPPA law protects a subset of the health information covered by the Privacy Rule, notes the U.S. Department of Health & Human Services. This information is all in electronic form and is either created, transmitted or received by a covered entity. The rule covers health plans, health care clearinghouses and health care providers. All of these entities must take steps to ensure this information is protected by analyzing risks and implementing security measures.
The HIPPA law gives individuals control over disclosure of their personal health information, states the U.S. Department of Health & Human Services. Not only is information about health care received covered but so is billing information regarding the treatment.