The Health Insurance Portability and Accountability Act (HIPAA) of 1996 provides regulations pertaining to the security and privacy of protected health information (PHI) within covered entities (health care providers, insurance companies, claims processors, and others). The regulations also standardize health care transactions and code sets, but we will concentrate on only the security and privacy implications.

The security regulations outline controls that need to be in place to protect health information electronically. The privacy regulations focus on the privacy of PHI and create a broad standard that due care must be taken to protect all PHI, whether in electronic, hard copy, or other form. The privacy ...