Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / DS - Data Security

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes a comprehensive cybersecurity framework designed to protect electronic protected health information (ePHI) within healthcare organizations. Central to HIPAA’s cybersecurity mandate is the Security Rule, which requires covered entities and their business associates to implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of ePHI. Administrative safeguards include risk assessments, assigning security responsibilities, workforce training, and access management. Physical safeguards focus on securing facilities and devices to prevent unauthorized access. Technical safeguards mandate encryption, access controls, audit controls, and transmission security to protect data during storage and transfer. Regular security audits, incident response planning, and breach notification protocols are also critical components to maintain compliance and mitigate risks. These measures collectively aim to prevent data breaches, protect patient privacy, and uphold trust in healthcare data handling.


Publication's URL

https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *