Home / Authority / RegulatorHIPAA
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) is the United States’ primary federal authority on health information privacy and security, operating as a comprehensive regulatory framework since its enactment in 1996 to provide a unified national response to the protection of sensitive patient data. HIPAA supports the healthcare sector—including providers, health plans, and business associates—by offering the HIPAA Privacy, Security, and Breach Notification Rules to reduce the risk of unauthorized disclosures and to help make the U.S. healthcare system the safest place to manage electronic Protected Health Information (ePHI). Acting as the nation’s chief safeguard for medical data, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) monitors compliance, issues threat-adaptive updates (such as the 2026 Security Rule Overhaul which mandates MFA and encryption), coordinates with industry partners to implement “Recognized Security Practices,” and serves as the single point of enforcement for health data breaches, ensuring a coordinated and resilient national approach to patient privacy and cybersecurity.