The Health Insurance Portability and Accountability Act specifies requirements for the privacy and security of all individually identifiable patient health information in any form or media, whether electronic, paper, or oral. The HIPAA Privacy Rule refers to these data as “protected health information” (PHI). Examples of PHI include:
- An individual’s past, present, or future physical or mental health or condition
- The provision of health care to the individual
- Past, present, or future payment for the provision of health care
- Common identifiers such as name, address, birthdate, and Social Security Number
Where does HIPAA apply?
Any individual or department that produces, uses, stores, or transmits patient health records should comply with HIPAA.